What C/C++ tools can check for buffer overflows?

Posted 2019-01-16 14:39

I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).

I've decided to remove the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?

14 answers
做自己的国王
#2 · 2019-01-16 15:16

Visual Studio has a /GS compiler flag that adds buffer overflow protection. Are there any others?

Ridiculous、
#3 · 2019-01-16 15:17

The problem with /GS is it won't actually scan for bugs. It will just alert you after the fact. It seems like you are looking for a tool which will scan your existing code for potential buffer over/under runs.

A good tool for this, and other defects, is the Microsoft PreFAST tool.

Information here

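The distinction drawn in the answer above (detection after the fact versus scanning the source), shown as an added example that is not part of the original post and is not how /GS itself is implemented. It is a constructed heap guard in C, with hypothetical names `guarded_alloc`, `guarded_check`, `guarded_free` and `demo_copy`, that notices an overrun only when the guard bytes are checked, after the bad write has already happened.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD_LEN 8
static const unsigned char GUARD[GUARD_LEN] =
    {0xDE, 0xAD, 0xC0, 0xDE, 0xFE, 0xED, 0xFA, 0xCE};

/* Bookkeeping stored in front of each user buffer. */
typedef struct { size_t size; } guard_hdr;

/* Allocate `size` usable bytes followed by GUARD_LEN guard bytes. */
void *guarded_alloc(size_t size) {
    guard_hdr *h = malloc(sizeof *h + size + GUARD_LEN);
    if (!h) return NULL;
    h->size = size;
    unsigned char *user = (unsigned char *)(h + 1);
    memcpy(user + size, GUARD, GUARD_LEN);
    return user;
}

/* 1 if the guard is intact, 0 if something wrote past the buffer. */
int guarded_check(const void *p) {
    const guard_hdr *h = (const guard_hdr *)p - 1;
    return memcmp((const unsigned char *)p + h->size, GUARD, GUARD_LEN) == 0;
}

/* Check the guard, then release the block; returns the check result. */
int guarded_free(void *p) {
    int ok = guarded_check(p);
    free((guard_hdr *)p - 1);
    return ok;
}

/* Constructed defect: the copy length is never compared to the 8-byte
 * capacity. Inputs here stay under 16 bytes so the stray write lands in
 * the guard region of the same allocation and the demo stays well-defined. */
int demo_copy(const char *src) {
    char *buf = guarded_alloc(8);
    if (!buf) return -1;
    memcpy(buf, src, strlen(src) + 1);   /* unchecked length */
    return guarded_free(buf);            /* overrun is noticed only here */
}

int main(void) {
    printf("fits:     guard intact = %d\n", demo_copy("short"));
    printf("overruns: guard intact = %d\n", demo_copy("AAAAAAAAAAA"));
    return 0;
}
```

Nothing in this check points at the `memcpy` line that caused the damage; finding that line is what a source-scanning tool is for.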
Evening l夕情丶
#4 · 2019-01-16 15:20

IBM's Purify will do this: you run your app under it and it will give you a report of all errors (including other ones).

To kill memory leaks, use UMDH - run your app, take a snapshot of the memory, run it again, snapshot and then use a diff tool to see the allocations made since the first run through (note you must run your app once, and take snapshots as best you can).

(This account has been banned)
#5 · 2019-01-16 15:24

On Linux I'd use Valgrind.

时光不老,我们不散
#6 · 2019-01-16 15:24

I'm surprised no one's mentioned Application Verifier (free!) on Windows. Visual Leak Detector (mentioned in another answer) is absolutely amazing for tracking many types of memory leak, but Application Verifier is top dog for tracking memory errors like buffer overruns, double frees, and buffer use after free (plus many, many more).

Edit: And it's very, very easy to use.

做自己的国王
#7 · 2019-01-16 15:25

You can try Visual Leak Detector - I used it myself, and it is the first thing I'd recommend for mem-leak detection.
