Brian Foster wrote:
> | Date: Sat, 23 Jul 2005 15:57:45 +0100
> | From: Bryan O'Donoghue <typedef at eircom.net>
> | Brian Foster wrote:
> | > oh, b.t.w., if the array is dynamic (e.g., malloc(3)ed),
> | > then `valgrind' _does_ spot the error [ ... ]
> | This being because valgrind places a non writable page after
> | each alloc'd similar to ElectricFence presumably ?!
>> no. read the valgrind docs on how it works.
>> also, you can see this isn't the case by
> closely examining the previously-posted
> diagnostic. `valgrind' reports a 4-byte
> write to a 2-byte malloc()ed block in the
> middle of page.
Yes you are right, about that, I didn't read the output. It's worth
noting though, it *should* be fairly trivial with a non-writable page
based scheme, to tell how much of an overwrite we did, on a given
> | Unfortunately, it (valgrind) probably can't do that with a
> | stack frame, unless someone could think of a very smart way,
> | to, dynamically replace a procedure prolog at runtime, when
> | running under valgrind !!
>> which ("replacing a proc...") is, broadly,
> exactly what `valgrind' _does_ do, albeit
> when the program is loaded (before the
> program starts execution). what `valgrind'
> does is add "instrumentation" to the code and
> executes the result on a synthetic CPU using
> AV-enhanced memory. (the synthetic CPU means,
> amongst other points, `valgrind' trivially
> knows the write-size.) again, the `valgrind'
> docs contain more details.
You're not groking my input.
For valgrind, since it is a simulated CPU it should be possible to
examine the procedure prolog, noting where variables for a given stack
are created ... flag the number of bytes grabbed... in a table, for
address (0xBLAH) and then noting code that touched memory beyond the end
address of what we took from esp... but, it would probably require
intercepting call instructions (as is done in valgrind I believe) and
then parsing opcodes subsequent to call instructions to decide *how much
we took* from the stack. Parsing the opcodes like that, would probably
be very slow... mightn't _work_ ... and again mightn't even be the
optimal means of achieving what we want to do.
"I have to return some video tapes" -- Patrick Bateman
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!