[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

BoundsChecker 7.2 question

On one PC I have the good old NuMega BoundsChecker 6.6 .

When it encounters the execution of the following code, it immediately flags the 'memory overrun' error

char array[2];
strcpy(array, "kkkkk");

On another PC I installed version 7.2, now produced by Compuware, and named DevPartner "Error detection".
It does nothing when the above code is run. I am using the default settings after installation and failed to see a setting I might need to change for it to start alerting me on this error.

Help would be appreciated.
0
mco
Asked:
mco
  • 7
  • 3
  • 2
  • +4
1 Solution
 
grg99Commented:
You should probably switch to using "strncpy()" to avoid this error altogether.

0
 
Jaime OlivaresCommented:
char array[2];
strcpy(array, "kkkkk");


this is illegal. array has only 2 characters lenght, and you are trying to write 6 characters (five k plus null terminating character), so you are invading another memory space, causing unpredictable results.
0
 
mcoAuthor Commented:
May be I didn't make myself clear enough.
The code is obviously in error because the array is allocated for 2 chars only.
The question is why BoundsChecker 7.2 doesn't shout about this as dies BoundsChecker 6.6 .
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
grg99Commented:
I don't know exactly how boundschecker works, but I assume they have a custom strcpy() function that checks its parameters against some master table of varaiable sizeofs().

Perhaps you didnt link against the right library?   The boundschecker library has to come before the standard C library.
Perhaps your LIB or LIBS environment variable is incorrect?

To diagnose this further you could run  your code thru a disassember so we could see exactly what is getting called.

0
 
mcoAuthor Commented:
I didn't link it against any library. I didn't have to in 6.6 and don't have to in 7.2 . BC works at the low level and does not replace functions.

This question is targeted to people who know and use BoundsChecker as can be deduced from the title.
0
 
AxterCommented:
It might be that the compiler is compiling away the code if it's not being used.

Try modifying the code to make sure the compiler includes it.
char array[2];
strcpy(array, "kkkkk");
cout << array << endl;

or printf(array);

If the compiler compiles away the code, there's nothing for BoundsChecker to work on.
0
 
grg99Commented:
>This question is targeted to people who know and use BoundsChecker as can be deduced from the title.

"knowing and using" it isnt that helpful at diagnosing this problem, you need somebody that has a clue how BoundsChecker works, or someone that has written something similar..... like me!

Boundschecker is likely diagnosing this error by doing one or more of the following:

(1) It modifies the source code going into the compiler by:

Adding some lines like  "#define  strcpy   strcpy_Boundschecker" as to trap these errors at runtime.

... or  replacing the C preprocessor with its filter program that does the renaming.

(2) or It modifies the linking process by  
       adding some linker directives to redirect strcpy to strcpy_Boundschecker.
... or  replacing the C library with it's own.
... or  declaring the C library to be ina DLL, and then supplying its own DLL

or
(3)  Modifying the execution process by:
     patching all the calls to strcpy to strcpy_Boundschecker at run-time by patching the executable file, or the image in memory.
     patching the indirect calls to a DLL by patching the DLL linkage table.

-------------------------------------------------

I submit it has to do ONE or more of the above in order to catch this error at run-time.
We can only tell which is beiing done, or not being done, or being done incorrectly, by looking at the .obj file or .exe file disassembly.

Please help us answer your question-- throw us a bone by giving us the disassembly of that code.

Regards,

grg99


0
 
jkrCommented:
Are you running the 'instrumented' executable built with BC or just the original under BC? Using the latter, the error should go unnoticed, but the instrumented version is supposed to detect that.
0
 
mcoAuthor Commented:
Replies:

Axter,  the code is being used. I didn't publish the full code. It is compiles in Debug configuration (no optimization) and a breakpoint proves that it is reached.

grg99, this is not an issue of analyzing how BoundsChecker works. It is a user question. It is a question of how to operate correctly.
In one version in works, in another it doesn't. Most likely, the answer will be related to some configuration setting. The code excerpt I wrote is the most basic runtime error that BC is supposed to catch, therefore its name: BoundsChecker. I put the code in just to make sure the new version works OK, but it doesn't :-(
0
 
mcoAuthor Commented:
Reply:
jkr, I tried both instrumented and not. BTW, in the old version this basic runtime error was caught even without instrumentation.
0
 
pb_indiaCommented:
Did you check the setting for errors, memory and leaks?
I think its a radio button.
0
 
mcoAuthor Commented:
In the settings for "Memoery tracking" I had to choose "On All Memory API Calls". It was set on "On Free".
Seems stupid that it wasn't like that by default, this is the basic and most important error a tool like BC is used for.
In case of "On free", it is detected only if the array is dynamically allocated and only when it is freed .

0
 
mcoAuthor Commented:
I accepted that prematurely.
What I wrote above holds only for arrays on the heap.
For static arrays and ones on the stack, BC 7.2 doesn't shout at all.

0
 
BobbyChawlaCommented:
Bounds Checker seems to have many options, many of them are off by default.
To check for errors on the stack, it is necessary to enable the "Call Validation"
and then select "Enable memory block checking" on the "Call Validation" page.

B.
0
 
mcoAuthor Commented:
Great answer.
How do I give you points now?
In retrospect I should split them between you and "pb india", one answered for heap and the other for stack.
0
 
BobbyChawlaCommented:
Thanks for the "thumbs up".  Don't worry about the points.

I'm currently evaluating DevPartner/BoundsChecker for my company, and that puzzle gave me a good afternoon's worth of entertainment :-)

B.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 3
  • 2
  • +4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now