HackMD - Collaborative Markdown Knowledge Base

### Heap out-of-bounds ```c= #include<stdio.h> int main() { int *address = malloc(sizeof(int)*10); printf("%d\n",address[11]); // BOOM return 0; } ``` ### ASan report ![](https://i.imgur.com/IogSzlc.png) ### valgrind report ![](https://i.imgur.com/2dBhrrf.png) ### ASan 不能 , valgrind 不能 --- ### Global out-of-bounds ```c= #include<stdio.h> int arrays[10] = {0}; int main() { printf("%d\n",arrays[11]); // BOOM return 0; } ``` ### ASan report ![](https://i.imgur.com/1SVZTbK.png) ### valgrind report ![](https://i.imgur.com/KeFVS56.png) ### ASan 不能 , valgrind 能 --- ## Stack out-of-bounds ```c= #include<stdio.h> int main() { int arrays[10] = {0}; printf("%d\n",arrays[11]); // BOOM return 0; } ``` ### ASan report ![](https://i.imgur.com/wOkwssn.png) ### valgrind report ![](https://i.imgur.com/H5JTVex.png) ### ASan 不能 , valgrind 能 ## Use-after-free ```c= #include<stdio.h> int main() { int *arrays = malloc(sizeof(int)*100); free(arrays); printf("%d\n",arrays[0]); // BOOM return 0; } ``` ### ASan report ![](https://i.imgur.com/uNKqT6M.png) ### valgrind report ![](https://i.imgur.com/SVenZEr.png) ### ASan 不能 , valgrind 不能 --- ## Use-after-return ```c= #include<stdio.h> char *x; void foo(){ char t = 'a'; x = &t; } int main(){ foo(); *x = 'b'; return 0; } ``` ### ASan report ![](https://i.imgur.com/82kAp7R.png) ### valgrind report ![](https://i.imgur.com/UYaLY5I.png) ### ASan 不能 , valgrind 能 --- ## Part II ```c= #include<stdio.h> int main() { int arrays[10] = {0}; int next[1000] = {0}; printf("%d\n",arrays[100 + 100]); return 0; } ``` ### ASan report ![](https://i.imgur.com/IeufrEz.png) ### valgrind report ![](https://i.imgur.com/tNtt8Mf.png) ### ASan 能 , valgrind 能

{"metaMigratedAt":"2023-06-16T00:14:46.452Z","metaMigratedFrom":"Content","title":"Untitled","breaks":true,"contributors":"[{\"id\":\"32e92895-af73-41b7-b396-121a8ac908dc\",\"add\":2318,\"del\":458}]"}

106 views