(轉)Linux 下棧溢出問題分析解決 *** stack smashing detected *** XXXX terminated

Linux 下棧溢出問題分析解決 *** stack smashing detected *** XXXX terminated
1、利用gdb 或者valgrind 定位到具體的代碼
最近在Linux下調試程序，程序異常終止，具體現象如下

*** stack smashing detected ***: ../out/Load terminated
Aborted (core dumped)

利用GDB調試程序下如下

*** stack smashing detected ***: /wan/2.III-A/out/Load terminated

Thread 10 "Load" received signal SIGABRT, Aborted.
[Switching to Thread 0xb37f9b40 (LWP 10889)]
0xb7fdac31 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fdac31 in __kernel_vsyscall ()
#1  0xb7c6dea9 in __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#2  0xb7c6f407 in __GI_abort () at abort.c:89
#3  0xb7ca937c in __libc_message (do_abort=1, fmt=0xb7da02c7 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#4  0xb7d39708 in __GI___fortify_fail (msg=<optimized out>) at fortify_fail.c:37
#5  0xb7d39698 in __stack_chk_fail () at stack_chk_fail.c:28
#6  0x081a0cb9 in xxxxxxx (stGravDataReport=...) at xxxxxxx.cpp:139

通過gdb 基本上可以定位出代碼行數。
同樣利用valgrind 同樣也可以定位出該問題，具體方法為：

root@/root# valgrind --tool=memcheck --leak-check=full --show-reachable=yes --trace-children=yes ../out/Load 
==10854== Memcheck, a memory error detector
==10854== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==10854== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
==10854== Command: ../out/Load
==10854== 

*** stack smashing detected ***: ../out/Load terminated
==10854== 
==10854== Process terminating with default action of signal 6 (SIGABRT): dumping core
==10854==    at 0x4244EA9: raise (raise.c:54)
==10854==    by 0x4246406: abort (abort.c:89)
==10854==    by 0x428037B: __libc_message (libc_fatal.c:175)
==10854==    by 0x4310707: __fortify_fail (fortify_fail.c:37)
==10854==    by 0x4310697: __stack_chk_fail (stack_chk_fail.c:28)
==10854==    by 0x81A0CB8: xxxxxxxxxx
(xxxxxxx) (xxxxxxxxxxxxxxx.cpp:139)
==10854==    by 0x38303930: ???

分析的棧信息相同。

2、分析產生原因
通過查看代碼可以分析到代碼中使用了不安全的函數 sprintf
再次利用gdb進行問題定位：查看到 是由於sprintf拼接成數組長度過長，導致棧溢出。
棧溢出之后會導致棧內的局部變量值混亂。
————————————————
版權聲明：本文為CSDN博主「碼中飛翔」的原創文章，遵循CC 4.0 BY-SA版權協議，轉載請附上原文出處鏈接及本聲明。
原文鏈接：https://blog.csdn.net/wanxuexiang/article/details/89979901