
Is it possible for one thread to overwrite memory in another thread's stack? Hence possibly corrupting the return address for example.

If it is possible, are there any debugging tools or other practices to help detecting such problems?

I am talking about C/C++ applications using pthreads on a Linux x86 system.

unwind
enomem
  • See also: http://stackoverflow.com/questions/1345670/stack-smashing-detected –  Jun 20 '12 at 10:52
  • 1
    Yes, as threads share the memory space of the process they run in. The best way to detect things like this is probably [Valgrind](http://valgrind.org/). – Some programmer dude Jun 20 '12 at 10:45
  • 1
    One should probably say "yes, it can, but...". Technically, it _can_ of course, since it's in the same address space. In principle, you can write to any address in your address space, as long as the memory page exists (and is writeable). However, it normally _will not_ do that, e.g. by overrunning its own stack and running into another stack, since there will be non-existent pages in between which will SEGFAULT (killing the offending thread). It also _will not_ by allocating and using memory (using `malloc` or the underlying `sbrk`). – Damon Jun 20 '12 at 13:05
  • I know -fstack-protector-all for GCC is meant for hardening security against stack overrun attacks. But it seems to help also with debugging, as the program crashes WHEN the stack gets corrupted, not later when all tracks of where the execution was have already been lost. – enomem Jun 29 '12 at 17:59
  • To Damon: I guess you are right in the case of a thread overrunning its own stack. But I guess any pointer could accidentally point to another thread's stack and be used to overrun it. – enomem Jun 29 '12 at 18:38
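
As an added example (not part of the question, its comments or any answer), the following pthreads program shows both halves of the question on Linux/glibc: one thread publishes the address of a local variable, a second thread writes through that pointer into the first thread's stack, and the write lands without any fault because the target page is mapped and writable. The detection side is a small bounds check built on `pthread_getattr_np` + `pthread_attr_getstack` (a glibc extension), which the writing thread uses to notice that the pointer it was handed is not in its own stack. The value `0x41414141`, the function names and the barrier-based rendezvous are all constructed for this demo.

```c
#define _GNU_SOURCE                    /* for pthread_getattr_np (glibc) */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Defensive prototype in case feature macros were fixed before pthread.h
   was included; harmless when the header already declared it. */
extern int pthread_getattr_np(pthread_t th, pthread_attr_t *attr);

/* Rendezvous state shared by the two threads (constructed for the demo). */
static volatile int *victim_slot;      /* address of a local in the victim's stack */
static int victim_saw_own = -1;        /* victim's own bounds check on &local */
static int clobber_saw_foreign = -1;   /* writer's bounds check on the same pointer */
static pthread_barrier_t sync_point;

/* Returns 1 if p lies inside the calling thread's own stack, 0 if it does not,
   and -1 if the stack bounds could not be queried. */
int ptr_in_my_stack(const void *p)
{
    pthread_attr_t attr;
    void *base;
    size_t size;
    if (pthread_getattr_np(pthread_self(), &attr) != 0)
        return -1;
    int rc = pthread_attr_getstack(&attr, &base, &size);
    pthread_attr_destroy(&attr);
    if (rc != 0)
        return -1;
    const char *lo = base, *hi = lo + size, *q = p;
    return q >= lo && q < hi;
}

static void *victim(void *unused)
{
    (void)unused;
    volatile int local = 1;            /* lives in this thread's stack frame */
    victim_slot = &local;
    victim_saw_own = ptr_in_my_stack((const void *)&local);   /* expect 1 */
    pthread_barrier_wait(&sync_point); /* address is now published */
    pthread_barrier_wait(&sync_point); /* the other thread has written */
    return (void *)(intptr_t)local;    /* report what we see in our own local */
}

static void *clobber(void *unused)
{
    (void)unused;
    pthread_barrier_wait(&sync_point);
    /* The pointer is ordinary mapped memory, so nothing stops the store;
       only an explicit bounds check tells us it is not our own stack. */
    clobber_saw_foreign = !ptr_in_my_stack((const void *)victim_slot);  /* expect 1 */
    *victim_slot = 0x41414141;         /* cross-thread write into the victim's frame */
    pthread_barrier_wait(&sync_point);
    return NULL;
}

/* Runs both threads; returns the value the victim read back from its local. */
int cross_thread_stack_write(void)
{
    pthread_t v, c;
    void *result = NULL;
    pthread_barrier_init(&sync_point, NULL, 2);
    pthread_create(&v, NULL, victim, NULL);
    pthread_create(&c, NULL, clobber, NULL);
    pthread_join(v, &result);
    pthread_join(c, NULL);
    pthread_barrier_destroy(&sync_point);
    return (int)(intptr_t)result;
}

int victim_checked_own_stack(void)       { return victim_saw_own; }
int clobber_detected_foreign_stack(void) { return clobber_saw_foreign; }

int main(void)
{
    int seen = cross_thread_stack_write();
    printf("victim's local after the other thread wrote: 0x%x\n", seen);
    printf("victim's pointer was in the victim's stack:   %d\n", victim_checked_own_stack());
    printf("writer's check said the pointer was foreign:  %d\n", clobber_detected_foreign_stack());
    return 0;
}
```

Build with `gcc -pthread -o stackwrite stackwrite.c` and run it; the victim reports `0x41414141` even though it never wrote that value itself. Note what the usual tools do with this program: `-fstack-protector-all` does not fire, because the store hits a local variable and never touches the canary next to the return address, and Valgrind's memcheck does not complain either, because every byte of another thread's stack is addressable memory. What does catch it is an explicit check like `ptr_in_my_stack()` asserted at the boundaries where pointers are handed between threads, or a gdb hardware watchpoint (`watch local` inside the victim), which stops in whichever thread performs the write.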

2 Answers


If you are using your own memory manager to reduce sbrk system calls, valgrind may not detect ABW (array bounds writes), because valgrind overrides libc's malloc. If that is the case, you may have to re-link (or recompile) your program to use malloc instead of your own memory allocation function.

Besides valgrind, which is a free tool, if you do not mind using commercial tools, Purify may be an alternative.

The two tools differ in how you use them. With Purify, you need to re-link your program with the libraries Purify provides. With valgrind, you just run your program under valgrind; no re-linking is needed.

Young-hwi


You could use the GCC mudflap library/instrumentation.

kfsone