How to debug 'Stack smashing detected'? [closed]

Asked 10/4, 2012 at 11:23 Answered 10/4, 2012 at 12:11

I have a complex c++ code. It's a FastCGI program, using the FastCGI C++ Class library.

When I ask it for a very looooong url, I get:

*** stack smashing detected ***: ./tileserve terminated
Erreur de segmentation

For real life applications, it's not an issue since I never use so long URLs, but this means that anyone could terminate my server... I don't like that.

Is there a tool to find out where this problem appears? How do I use it?

EDIT: SOLVED

I was doing this:

int len;
char uri[200];

len = strlen(request.params[std::string("REQUEST_URI")].c_str());
printf("%d\n", len);

if (len > 200) return 1;

strcpy(uri, request.params[std::string("REQUEST_URI")].c_str());

Looks like 200 was too high for the len test. It actually fails at 194.

So instead I did this:

if (len > 190) return 1;

Now, it's fine.

Hectare answered 10/4, 2012 at 11:23 Comment(6)

Stack trace can give you a hint. – Choe 10/4, 2012 at 11:25

+1 for Erreur de segmentation – Boccie 10/4, 2012 at 11:25

Let me guess. The error is caused because the URL is too long for the buffer you put it in. – Eleemosynary 10/4, 2012 at 11:28

Check the buffers the url goes into.. checkout valgrind for the exact location of the overflow. – Graphitize 10/4, 2012 at 11:29

Don't ever use a function like strcpy if writing something like a webserver. This is a potential security issue. Instead use something like strncpy that makes sure you don't copy too much into the buffer. – Vast 3/10, 2015 at 22:47

Len = 200 is too high by default.. array of 200 chars can fit a string only 199 chars long – Hyphen 29/9, 2020 at 15:58

If you read the website you will realize that this is a simple C++ wrapper over a C library.

A typical issue with C library are buffer overruns:

#include <cstring>
#include <cstdio>

int main(int argc, char* argv[]) {
  char buffer[16]; // ought to be sufficient

  strcpy(buffer, argv[1]);
  printf("%s", buffer);
}

Try this program:

> ./test "a"
a
> ./test "abcdefghijklmnoprqstuvwxyz"
???

Because the buffer can only contain 16 characters, the remaining characters will be written past its end. This is stack smashing, and undefined behavior.

A number of implementations of either the runtime library or your OS may detect this situation in some conditions and terminate the program.

Either you are doing something wrong or the library is.

To locate the issue, you could use Valgrind or run your program in a debugger. Alternatively, if your system allows it, you might have a memory dump at the moment the program was killed. You can also view this memory dump in a debugger.

Swineherd answered 10/4, 2012 at 11:43 Comment(6)

Yeah, I understand what is the problem. The issue is to locate it... – Hectare 10/4, 2012 at 11:46

@user1219721: oups sorry, missed that part. Use a debugger (integrated in VC++ or gdb on Linux). – Swineherd 10/4, 2012 at 11:52

Valgrind is useless here, since it does not detect stack-based memory errors - only heap memory corruption. – Lobar 10/4, 2012 at 12:5

@CharlesSalvia: In the toy example I presented yes. In general... it's a bit more difficult: I suspect a buffer overrun but it could simply be reading a non-initialized value and using it as an offset. – Swineherd 10/4, 2012 at 13:55

@MatthieuM. +1 and removed my comments . – Sse 11/4, 2012 at 15:17

@CharlesSalvia Gcc got stack protector option which allows to see proper backtrace. To actually find who smasher is, one should figure out address where bad things were written to and put breakpoint watch at that address – Hyphen 29/9, 2020 at 15:56

You can use something like valgrind, or your compiler may have static analysis that can find places you might be overrunning buffers.

Also you can just audit your code for uses of error prone functions like strcpy and replace them with safe functions like strncpy, or better yet just use objects that manage their own memory like std::string.

Caerphilly answered 10/4, 2012 at 12:11 Comment(0)

EDIT: SOLVED

Recommended topics

Hot tags