Question

似乎AddressSanitizer检测到heap-buffer-overflow，但输出不像示例here那么清晰。

如何获得发生溢出的行？

我该如何解释这个结果？

[1m[31m==27467== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60a4000b2a80 at pc 0x40730e bp 0x7fffffffcf10 sp 0x7fffffffcf08
[1m[0m[1m[34mWRITE of size 8 at 0x60a4000b2a80 thread T0[1m[0m
    #0 0x40730d (/home/user/Desktop/ImageRegistration/ImageRegistration+0x40730d)
    #1 0x406624 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x406624)
    #2 0x40211b (/home/user/Desktop/ImageRegistration/ImageRegistration+0x40211b)
    #3 0x402bf3 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x402bf3)
    #4 0x7ffff3866f44 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21f44)
    #5 0x401d78 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x401d78)
[1m[32m0x60a4000b2a80 is located 0 bytes to the right of 74368-byte region [0x60a4000a0800,0x60a4000b2a80)
[1m[0m[1m[35mallocated by thread T0 here:[1m[0m
    #0 0x7ffff413941a (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1541a)
    #1 0x7ffff7b3bfb7 (/home/user/libs/opencv-2.4.13_QT/lib/libopencv_core.so.2.4.13+0x203fb7)
Shadow bytes around the buggy address:
  0x0c150000e500: [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m
  0x0c150000e510: [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m
  0x0c150000e520: [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m
  0x0c150000e530: [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m
  0x0c150000e540: [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m [1m[0m00[1m[0m
=>0x0c150000e550:[[1m[31mfa[1m[0m][1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
  0x0c150000e560: [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
  0x0c150000e570: [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
  0x0c150000e580: [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
  0x0c150000e590: [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
  0x0c150000e5a0: [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m [1m[31mfa[1m[0m
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           [1m[0m00[1m[0m
  Partially addressable: [1m[0m01[1m[0m [1m[0m02[1m[0m [1m[0m03[1m[0m [1m[0m04[1m[0m [1m[0m05[1m[0m [1m[0m06[1m[0m [1m[0m07[1m[0m 
  Heap left redzone:     [1m[31mfa[1m[0m
  Heap righ redzone:     [1m[31mfb[1m[0m
  Freed Heap region:     [1m[35mfd[1m[0m
  Stack left redzone:    [1m[31mf1[1m[0m
  Stack mid redzone:     [1m[31mf2[1m[0m
  Stack right redzone:   [1m[31mf3[1m[0m
  Stack partial redzone: [1m[31mf4[1m[0m
  Stack after return:    [1m[35mf5[1m[0m
  Stack use after scope: [1m[35mf8[1m[0m
  Global redzone:        [1m[31mf9[1m[0m
  Global init order:     [1m[36mf6[1m[0m
  Poisoned by user:      [1m[34mf7[1m[0m
  ASan internal:         [1m[33mfe[1m[0m
==27467== ABORTING

Answer 1

听起来你需要在执行程序之前设置一些环境变量才能获得可读的输出：即ASAN_OPTIONS，symbolize和ASAN_SYMBOLIZER_PATH（假设你有一个合适的符号化器））。所以像这样：

ASAN_OPTIONS=symbolize=1 ASAN_SYMBOLIZER_PATH=$(shell which llvm-symbolizer) ./a.out

这来自文档here

Answer 2

似乎您也将ANSI颜色代码复制到了输出中。这是一个更清晰的版本：

==27467== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60a4000b2a80 at pc 0x40730e bp 0x7fffffffcf10 sp 0x7fffffffcf08
WRITE of size 8 at 0x60a4000b2a80 thread T0
    #0 0x40730d (/home/user/Desktop/ImageRegistration/ImageRegistration+0x40730d)
    #1 0x406624 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x406624)
    #2 0x40211b (/home/user/Desktop/ImageRegistration/ImageRegistration+0x40211b)
    #3 0x402bf3 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x402bf3)
    #4 0x7ffff3866f44 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21f44)
    #5 0x401d78 (/home/user/Desktop/ImageRegistration/ImageRegistration+0x401d78)
0x60a4000b2a80 is located 0 bytes to the right of 74368-byte region [0x60a4000a0800,0x60a4000b2a80)
allocated by thread T0 here:
    #0 0x7ffff413941a (/usr/lib/x86_64-linux-gnu/libasan.so.0.0.0+0x1541a)
    #1 0x7ffff7b3bfb7 (/home/user/libs/opencv-2.4.13_QT/lib/libopencv_core.so.2.4.13+0x203fb7)
Shadow bytes around the buggy address:
  0x0c150000e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c150000e510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c150000e520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c150000e530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c150000e540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c150000e550:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c150000e560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c150000e570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c150000e580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c150000e590: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c150000e5a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:     fa
  Heap righ redzone:     fb
  Freed Heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack partial redzone: f4
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  ASan internal:         fe
==27467== ABORTING

要获取行号，必须指定llvm-symbolizer二进制文件的路径，方法是通过PATH环境变量访问它，或者直接在ASAN_SYMBOLIZER_PATH环境变量中指定它的路径名

如何解释AddressSanitizer输出？

2 个答案: