16,472
社区成员
发帖
与我相关
我的任务
分享C++检测内寸漏洞
// 这段代码在VC++6.0下编译通过, 部分想法来源于网上, 本着想法共享的原则, 写出来希望大家有
// 用!!用于C++检测内寸漏洞 MAKER LN
#include "stdafx.h"
#include <list>
using namespace std;
#ifdef _DEBUG
typedef struct
{
long address;
long size;
char file[1024];
long line;
char func[1024];
int deleteFlag;
} ALLOC_INFO;
typedef list<ALLOC_INFO *> AllocList;
AllocList *allocList;
void AddTrack(long addr, long asize, const char *fname, long lnum,
const char *funcname, int flag = 1)
{
ALLOC_INFO *info;
if(!allocList)
{
allocList = new(AllocList);
}
info = new(ALLOC_INFO);
info->address = addr;
strncpy(info->file, fname, 1023);
info->line = lnum;
info->size = asize;
info->deleteFlag = flag;
strncpy(info->func, funcname, 1023);
allocList->insert(allocList->begin(), info);
}
void RemoveTrack(long addr)
{
AllocList::iterator i;
if(!allocList)
return;
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->address == addr)
{
if((*i)->deleteFlag == 1)
{
// new
allocList->remove((*i));
free((void*)addr);
}
break;
}
}
};
void RemoveTrackArray(long addr)
{
AllocList::iterator i;
if(!allocList)
return;
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->address == addr)
{
if((*i)->deleteFlag == 2)
{
// new[] 1
allocList->remove((*i));
free((void*)addr);
}
else if((*i)->deleteFlag == 3)
{
// new[] 2
allocList->remove((*i));
}
break;
}
}
};
void OutputDebugString(char *buff)
{
printf(buff);
printf("\n");
}
void OutputUnfreed()
{
AllocList::iterator i;
long totalSize = 0;
char buf[1024];
if(!allocList)
{
return;
}
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->deleteFlag == 1 || (*i)->deleteFlag == 2)
{
sprintf(buf, "Filename%-70s\nLine(%d), Function(%s), Address(%d) Size(%d) unfreed ",
(*i)->file, (*i)->line, (*i)->func, (*i)->address, (*i)->size);
OutputDebugString(buf);
totalSize += (*i)->size;
}
}
sprintf(buf, "----------------------------------------------------------- ");
OutputDebugString(buf);
sprintf(buf, "Total Unfreed: %d bytes ", totalSize);
OutputDebugString(buf);
};
#endif
#ifdef _DEBUG
long deleteNum = 0;
inline void * __cdecl operator new(unsigned int size,
const char *file, int line, const char *func)
{
void *ptr = (void *)malloc(size);
AddTrack((long)ptr, size, file, line, func);
return(ptr);
};
inline void __cdecl operator delete(void *p)
{
RemoveTrack((long)p);
};
inline void * __cdecl operator new[](unsigned int size,
const char *file, int line, const char *func)
{
void *ptr = (void *)malloc(size);
AddTrack((long)ptr, size, file, line, func, 2);
AddTrack((long)ptr, size, file, line, func, 3);
return(ptr);
};
inline void __cdecl operator delete[](void *p)
{
RemoveTrackArray((long)p);
RemoveTrackArray((long)p);
};
#endif
#ifndef __FUNCTION__
#define __FUNCTION__ "Undefined"
#endif
#ifdef _DEBUG
#define DEBUG_MSF_NEW new(__FILE__, __LINE__, __FUNCTION__)
#else
#define DEBUG_MSF_NEW new
#endif
#define new DEBUG_MSF_NEW
int main(int argc, char* argv[])
{
printf("Hello World!\n");
// char *p = new char[5];
int *p1 = new int;
int *p2 = new int;
int *p3 = new int;
int *p4 = new int;
int *p5 = new int;
int *p6 = new int;
int *p7 = new int;
int *p8 = new int[5];
int *p9 = new int[5];
delete p8;
delete p7;
delete[] p6;
delete p5;
delete[] p9;
OutputUnfreed();
return 0;
}
// 用!!用于C++检测内寸漏洞 MAKER LN
#include "stdafx.h"
#include <list>
using namespace std;
#ifdef _DEBUG
typedef struct
{
long address;
long size;
char file[1024];
long line;
char func[1024];
int deleteFlag;
} ALLOC_INFO;
typedef list<ALLOC_INFO *> AllocList;
AllocList *allocList;
void AddTrack(long addr, long asize, const char *fname, long lnum,
const char *funcname, int flag = 1)
{
ALLOC_INFO *info;
if(!allocList)
{
allocList = new(AllocList);
}
info = new(ALLOC_INFO);
info->address = addr;
strncpy(info->file, fname, 1023);
info->line = lnum;
info->size = asize;
info->deleteFlag = flag;
strncpy(info->func, funcname, 1023);
allocList->insert(allocList->begin(), info);
}
void RemoveTrack(long addr)
{
AllocList::iterator i;
if(!allocList)
return;
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->address == addr)
{
if((*i)->deleteFlag == 1)
{
// new
allocList->remove((*i));
free((void*)addr);
}
break;
}
}
};
void RemoveTrackArray(long addr)
{
AllocList::iterator i;
if(!allocList)
return;
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->address == addr)
{
if((*i)->deleteFlag == 2)
{
// new[] 1
allocList->remove((*i));
free((void*)addr);
}
else if((*i)->deleteFlag == 3)
{
// new[] 2
allocList->remove((*i));
}
break;
}
}
};
void OutputDebugString(char *buff)
{
printf(buff);
printf("\n");
}
void OutputUnfreed()
{
AllocList::iterator i;
long totalSize = 0;
char buf[1024];
if(!allocList)
{
return;
}
for(i = allocList->begin(); i != allocList->end(); i++)
{
if((*i)->deleteFlag == 1 || (*i)->deleteFlag == 2)
{
sprintf(buf, "Filename%-70s\nLine(%d), Function(%s), Address(%d) Size(%d) unfreed ",
(*i)->file, (*i)->line, (*i)->func, (*i)->address, (*i)->size);
OutputDebugString(buf);
totalSize += (*i)->size;
}
}
sprintf(buf, "----------------------------------------------------------- ");
OutputDebugString(buf);
sprintf(buf, "Total Unfreed: %d bytes ", totalSize);
OutputDebugString(buf);
};
#endif
#ifdef _DEBUG
long deleteNum = 0;
inline void * __cdecl operator new(unsigned int size,
const char *file, int line, const char *func)
{
void *ptr = (void *)malloc(size);
AddTrack((long)ptr, size, file, line, func);
return(ptr);
};
inline void __cdecl operator delete(void *p)
{
RemoveTrack((long)p);
};
inline void * __cdecl operator new[](unsigned int size,
const char *file, int line, const char *func)
{
void *ptr = (void *)malloc(size);
AddTrack((long)ptr, size, file, line, func, 2);
AddTrack((long)ptr, size, file, line, func, 3);
return(ptr);
};
inline void __cdecl operator delete[](void *p)
{
RemoveTrackArray((long)p);
RemoveTrackArray((long)p);
};
#endif
#ifndef __FUNCTION__
#define __FUNCTION__ "Undefined"
#endif
#ifdef _DEBUG
#define DEBUG_MSF_NEW new(__FILE__, __LINE__, __FUNCTION__)
#else
#define DEBUG_MSF_NEW new
#endif
#define new DEBUG_MSF_NEW
int main(int argc, char* argv[])
{
printf("Hello World!\n");
// char *p = new char[5];
int *p1 = new int;
int *p2 = new int;
int *p3 = new int;
int *p4 = new int;
int *p5 = new int;
int *p6 = new int;
int *p7 = new int;
int *p8 = new int[5];
int *p9 = new int[5];
delete p8;
delete p7;
delete[] p6;
delete p5;
delete[] p9;
OutputUnfreed();
return 0;
}
...全文
请发表友善的回复…
发表回复
q1q2q3q4ln 2004-09-13
- 打赏
- 举报
UP
