{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 萌系小妹纸 的问题《What C/C++ tools can check for buffer overflows? [》','https://www.manongdao.com/q-139177.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).
I've decided to removing the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?
Visual Studio has a /GS compiler flag that adds buffer overflow protection. Are there any others?
The problem with /GS is it won't actually scan for bugs. It will just alert you after the fact. It seems like you are looking for a tool which will scan your existing code for potential buffer over/under runs.
A good tool for this, and other defects, is the Microsoft PreFAST tool.
Information here
IBM's Purify will do this, you run your app under it and it will give you a report of all errors (including other ones).
To kill memory leaks, use UMDH - run your app, take a snapshot of the memory, run it again, snapshot and then use a diff tool to see the allocations made since the first run through (note you must run your app once, and take snapshots as best you can).
On Linux I'd use Valgrind.
I'm surprised no one's mentioned Application Verifier (free!) on Windows. Visual Leak Detector (mentioned in another answer) is absolutely amazing for tracking many types of memory leak, but Application Verifier is top dog for tracking memory errors like buffer overruns, double frees, and buffer use after free (plus many, many more).
Edit: And it's very, very easy to use.
You can try Visual Leak Detector - I used it myself, and it is the first thing I'd recommend for mem-leak detection.