56

I am at the very beginning of learning C.

I am trying to write a function to open a file, read BUFFER_SIZE bytes, store the content in an array, then track the character '\n' (because I want to get each line of the input).

When I set BUFFER_SIZE very large, I can get the first line. When I set BUFFER_SIZE reasonably small (say, 42), which is not yet the end of the first line, it prints out some weird symbol at the end, but I guess it is some bug in my own code.

However, when I set BUFFER_SIZE very small, say 10, and I use -fsanitize=address to check for memory leaks, it throws a monster of an error:

==90673==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000fb at pc 0x000108868a95 bp 0x7fff573979a0 sp 0x7fff57397998
READ of size 1 at 0x6020000000fb thread T0

If anyone can explain to me in a general sense:

  • what is the -fsanitize=address flag?

  • what is a heap-buffer-overflow?

  • what are address and thread? what is the flag to see the thread in colors on screen?

  • and why does it say 'READ of size 1 at address...'?

I would really appreciate it <3

trincot
Dr Linh Chi Nguyen
  • @n.m. Funny, it is truly the same error 'in my code' I mentioned. I did allocate an extra byte, but I did not put a 0 to make sure I end that buffer. :D – Dr Linh Chi Nguyen Jul 29 '18 at 11:38

3 Answers

54

what is the -fsanitize=address flag?

Usually a C compiler doesn't add bounds checks for memory accesses. Sometimes, due to a code error, there is a read or write from outside a buffer; such an error is usually hard to detect. With this flag the compiler adds some bounds checks, to ensure you won't use a buffer to reach outside of its allocation.

what is a heap-buffer-overflow?

Using an array to reach past the end of its allocation:

    char* x = malloc(10);
    char n = x[11]; // heap-buffer-overflow: reads 2 bytes past the 10-byte allocation

(underflow is reaching before the start of its allocation)

    char* x = malloc(10);
    char n = x[-11]; // heap-buffer-underflow: reads 11 bytes before the allocation

what are address and thread?

An address is a position in memory; a thread is a part of a process running a sequence of code.

and why does it say 'READ of size 1 at address...'?

It means you read a single byte from the given address.


I think your problem is that you allocate BUFFER_SIZE bytes for the buffer and read the same BUFFER_SIZE bytes into it. The correct approach is to always allocate at least one more byte than you read, and to terminate what you actually read, like this:

    char* buff = malloc(BUFFER_SIZE+1); // notice the +1
    size_t n = fread(buff, 1, BUFFER_SIZE, fp); // n is the number of bytes actually read
    buff[n] = '\0'; // terminate the data, so string functions stop inside the buffer
displayName
SHR
  • 2
    An array is usually not located on the heap; it is either on the stack or in the bss, depending on the scope it was declared in. Heap space is usually allocated by `malloc()` – Ctx Jul 29 '18 at 10:40
  • @Ctx it is just an example for overflow. – SHR Jul 29 '18 at 10:43
  • Well, it is not a heap buffer overflow, as you claim. Technically, it is not an overflow at all, since you do not _write_ past its end. – Ctx Jul 29 '18 at 10:44
  • In this case there is a READ outside the allocation. I guess while printing the buffer. – SHR Jul 29 '18 at 10:46
  • I tried to explain that in your example `int n=x[11];`, `x` is neither a heap buffer, nor is it a buffer overflow. You should really provide a more appropriate example for your section _what is heap-buffer-overflow_. – Ctx Jul 29 '18 at 10:54
  • I've fixed it to a `malloc`ed buffer – SHR Jul 29 '18 at 10:58
  • I have declared my array like ```int dp[100][100]``` but I am still getting ```AddressSanitizer: heap-buffer-overflow``` with the ```-fsanitize=address``` flag in g++. Please can you explain why I am getting heap-buffer-overflow for memory on the stack. – Vishal Singh Apr 26 '20 at 16:00
  • 2
    This error in C is evergreen :D I get a stable stream of karma points from this problem I had a few years ago ^^ – Dr Linh Chi Nguyen Jul 22 '20 at 01:45
  • Usually, the `size + 1` is done when allocating a buffer to hold a C string plus the trailing null byte. If what you are storing is not and will not be treated as a C string, the extra byte is superfluous. Also, if you were to print out the buffer in the last example, you cannot guarantee that the buffer ends in a null byte, so you could still read out of bounds! – multithr3at3d Nov 08 '22 at 03:16
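The following is an added example, not code from the question or from this answer. It implements the procedure the question describes (read a stream in BUFFER_SIZE-byte chunks into a heap buffer, then look for '\n') in two forms: `count_lines_unterminated()` reproduces the bug this answer and the comments point at (a full chunk with no terminating NUL, so `strchr()` reads one byte past the allocation and AddressSanitizer reports "heap-buffer-overflow ... READ of size 1"), and `count_lines()` is the corrected version that allocates BUFFER_SIZE + 1 bytes and writes the terminator after the bytes actually read. The function names, the 10-byte BUFFER_SIZE and the sample text are my own choices; the example assumes a POSIX libc for `fmemopen()` so it needs no file on disk.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUFFER_SIZE 10   /* small on purpose, like the question's failing case */

/* Count the '\n' characters in one NUL-terminated chunk. strchr() stops at the
 * first '\0', so the terminator is what keeps it inside the allocation. */
static long count_newlines(const char *chunk)
{
    long lines = 0;
    for (const char *p = chunk; (p = strchr(p, '\n')) != NULL; p++)
        lines++;
    return lines;
}

/* Corrected pattern: allocate BUFFER_SIZE + 1 bytes, read at most BUFFER_SIZE,
 * and terminate after the n bytes actually read (the last chunk is usually
 * shorter than BUFFER_SIZE). Returns the newline count, or -1 if malloc fails. */
long count_lines(FILE *fp)
{
    char *buff = malloc(BUFFER_SIZE + 1);   /* +1 for the '\0' */
    if (buff == NULL)
        return -1;
    long lines = 0;
    size_t n;
    while ((n = fread(buff, 1, BUFFER_SIZE, fp)) > 0) {
        buff[n] = '\0';                     /* n <= BUFFER_SIZE, so this stays in bounds */
        lines += count_newlines(buff);
    }
    free(buff);
    return lines;
}

/* The bug: exactly BUFFER_SIZE bytes allocated and no terminator written.
 * As soon as a chunk fills the whole buffer without containing '\n', strchr()
 * reads buff[BUFFER_SIZE], one byte past the allocation; with
 * -fsanitize=address that is the "heap-buffer-overflow ... READ of size 1".
 * Kept here only to reproduce the report; do not copy it. */
long count_lines_unterminated(FILE *fp)
{
    char *buff = malloc(BUFFER_SIZE);
    if (buff == NULL)
        return -1;
    long lines = 0;
    size_t n;
    while ((n = fread(buff, 1, BUFFER_SIZE, fp)) > 0)
        lines += count_newlines(buff);      /* no '\0' inside the 10 bytes: reads past them */
    free(buff);
    return lines;
}

/* Helper for testing: run count_lines() over an in-memory string. */
long count_lines_in_text(const char *text)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL)
        return -1;
    long lines = count_lines(fp);
    fclose(fp);
    return lines;
}

int main(int argc, char **argv)
{
    /* Constructed sample input: 44 bytes with 3 newlines, so the 10-byte
     * chunks split lines in the middle and the last chunk is short. */
    const char *sample = "line one\nline two\n\nlast line without newline";
    FILE *fp = fmemopen((void *)sample, strlen(sample), "r");
    if (fp == NULL)
        return 1;
    /* Build with -fsanitize=address -g and run with --unterminated to see the report. */
    long lines = (argc > 1 && strcmp(argv[1], "--unterminated") == 0)
               ? count_lines_unterminated(fp)
               : count_lines(fp);
    printf("%ld newline(s)\n", lines);
    fclose(fp);
    return 0;
}
```

Compile with `cc -fsanitize=address -g example.c` and run it once with `--unterminated`: the first chunk is "line one\nl" (10 bytes, one newline found, then `strchr` continues past it into the eleventh byte) and ASan stops the program there with a READ of size 1 at the address just after the 10-byte block, which is the shape of the report in the question. Without the flag the same read silently returns whatever follows the block, which is why the question saw "some weird symbol" rather than an error.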
13

In simple words, it is a segmentation fault with a variable created using the new keyword, as all of that goes into the heap area of memory.

Explanation: you are trying to access an address for which you haven't declared your variable. To find all such errors, revisit all your conditions and check whether you are accessing something out of bounds or not.

Sumit Kapoor
-1

This can also be rectified by making fast input/output with:

    // For FAST I/O
    ios_base::sync_with_stdio(false);
    cin.tie(NULL);