Valgrind won't detect buffer overflow

About

Asked 24/4, 2015 at 8:46 Answered 24/4, 2015 at 8:57

#include <stdio.h>
main()
{     
    char buf[8];
    sprintf(buf,"AAAA%3s","XXssssssssXXXsssssXXX");
    printf("%s\n",buf);
}

I expected valgrind to detect a buffer overflow with the above code. But it does not report any errors or warnings. Do I need to enable any special flags for that?

Hector answered 24/4, 2015 at 8:46 Comment(2)

With a recent gcc or clang compiler, you could compile with -Wall -g -fsanitize=address and it might give a message at runtime. BTW sprintf is intrinsically unsafe and should not be used. Use snprintf or asprintf – Spectroscopy 24/4, 2015 at 9:1

See our CheckPointer tool; it will find many memory errors that valgrind cannot. semdesigns.com/Products/MemorySafety – Levirate 24/4, 2015 at 9:12

From Valgrind Tutorial

What valgrind is NOT

Although valgrind is an extremely useful program, it will not miraculously tell you about every memory bug in your program. There are several limitations that you should keep in mind. It does not do bounds checking on stack/static arrays ..

Chromatics answered 24/4, 2015 at 8:57 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags