Sorry if this question is too generic, but I want to know which approach I should use to debug a program that returns correct results when Address Space Layout Randomization is disabled and incorrect results otherwise. To be a little more specific, I'm using gdb as the debugger, and when I run my program without it attached, or with it attached but using set disable-randomization off, it returns incorrect results. However, when I run it under gdb with set disable-randomization on, it runs as expected. I want to know which type of bugs in my program would make it behave like that.
Asked by dsilva.vinicius
1 Answer
I want to know which type of bugs in my program would make it behave like that.
In my experience, the most common types of bugs that ASLR exposes are:
- using uninitialized memory (by far most common)
- failing to have a proper function declaration (64-bit mode only; plain C)
- making incorrect assumptions about in-memory process layout (only shows in programs that examine their own memory layout in some way).
Then uninitialized memory could be either stack or (more likely) heap.
A missing function prototype can result in truncation of the return value:
void *p = fn(); // If fn is not declared, p could be truncated to the lower
                // 32 bits, because the compiler will think it returns 'int'

Employed Russian
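The following is an added example, not code from the question or the answer above. It models the second bug on the list, the missing prototype, by writing out explicitly what the compiler does on a 64-bit target when it assumes `int fn()`: only the low 32 bits of the returned pointer are kept, and converting that int back to a pointer sign-extends it. The sample addresses in main() are constructed for illustration (a typical non-PIE data address and a typical mmap-range address) and are not taken from any real run; the helper names are my own. The real bug is undefined behaviour and recent compilers reject an implicit declaration outright, so the truncation is simulated rather than triggered.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Simulate the round trip a pointer takes when fn() is called without a
 * prototype on a 64-bit target: the caller reads the 32-bit return register
 * (assumed "int"), then converts that int to void *, which sign-extends.
 * The wide-to-int conversion is implementation-defined; GCC and Clang keep
 * the low 32 bits, which is exactly what the register read would do.
 */
static void *through_implicit_int(void *real)
{
    int low32 = (int)(intptr_t)real;     /* keep only the low 32 bits */
    return (void *)(intptr_t)low32;      /* int -> pointer sign-extends */
}

/* 1 if the pointer comes back unchanged, 0 if the truncation corrupts it. */
static int survives_implicit_int(const void *p)
{
    return through_implicit_int((void *)p) == p;
}

/* Classify a raw address value without dereferencing anything. */
static int address_survives(uintptr_t addr)
{
    return survives_implicit_int((const void *)addr);
}

/*
 * Allocate a block and report whether its address would survive.  Returns
 * 1 (survives), 0 (corrupted) or -1 (allocation failed).  Large requests
 * are usually served from the mmap range, which on 64-bit Linux lies far
 * above 4 GiB, so they fail the round trip regardless of ASLR; small ones
 * come from brk, whose position depends on PIE and on randomization.
 */
static int heap_block_survives(size_t n)
{
    void *p = malloc(n);
    int ok;

    if (p == NULL)
        return -1;
    ok = survives_implicit_int(p);
    free(p);
    return ok;
}

int main(void)
{
    /* Constructed sample addresses (assumptions, not from a real process). */
    uintptr_t non_pie_data = (uintptr_t)0x00601040u;            /* fits in 31 bits */
    uintptr_t bit31_set    = (uintptr_t)0x80000000u;            /* below 4 GiB, but sign bit set */
    uintptr_t mmap_region  = (uintptr_t)0x00007f3a8c2e1010ull;  /* typical 64-bit mmap address */

    printf("sizeof(void *) = %zu\n", sizeof(void *));
    printf("0x%016" PRIxPTR " survives: %d\n", non_pie_data, address_survives(non_pie_data));
    printf("0x%016" PRIxPTR " survives: %d\n", bit31_set, address_survives(bit31_set));
    printf("0x%016" PRIxPTR " survives: %d\n", mmap_region, address_survives(mmap_region));
    printf("malloc(64) survives: %d\n", heap_block_survives(64));
    printf("malloc(1 MiB) survives: %d\n", heap_block_survives((size_t)1 << 20));
    return 0;
}
```

The practical checks that go with this: build with -Wall -Werror=implicit-function-declaration so the compiler refuses the missing prototype instead of silently assuming int; run the program outside gdb with ASLR disabled via setarch $(uname -m) -R ./prog to confirm the behaviour tracks randomization and not the debugger; and for the uninitialized-memory case at the top of the list, run under valgrind or build with clang -fsanitize=memory, both of which flag reads of uninitialized stack and heap memory directly rather than leaving you to infer them from address-dependent results.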