LeakSanitizer and leaky libraries

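I am trying to use gcc's leak sanitizer option to detect leaks in my program.

To do so, I compile with the relevant flags, run my program, and then terminate it, with the following result: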

==8013==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 72704 byte(s) in 1 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f3ab2f8690d  (<unknown module>)
    #2 0x7f3ab2f50525  (<unknown module>)

Direct leak of 72704 byte(s) in 1 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f3ab51d2aad  (<unknown module>)
    #2 0x7f3ab51c4475  (<unknown module>)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x562db822861c in RenderHandler::RenderHandler() ../Src/main.cpp:68
    #2 0x562db8226ee2 in main ../Src/main.cpp:200
    #3 0x7f3acdf61ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)

Direct leak of 232 byte(s) in 5 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f3ab3e31677  (<unknown module>)
[...]

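As far as I know, many libraries (even the standard ones) may contain leaky code, and I am not too worried about that. If my video driver has leaky code, I am not going to fix it.

However, in the stack trace above there is one relevant leak (the third one reported). I added that one on purpose.

I don't want to print any leaks that occur in "unknown modules", because I can't fix leaks that happen somewhere I don't know about (these may come from third-party libraries), and they tend to hide the leaks I can actually fix.

Is there a mechanism to instruct the leak sanitizer to avoid printing certain types of leaks?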

Use a suppressions file, as described in AddressSanitizerLeakSanitizer#suppressions:

You can instruct LeakSanitizer to ignore certain leaks by passing in a suppressions file. The file must contain one suppression rule per line, each rule being of the form leak:<pattern>. The pattern will be substring-matched against the symbolized stack trace of the leak. If either function name, source file name or binary file name matches, the leak report will be suppressed.

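You pass the file at run time by setting the environment variable LSAN_OPTIONS=suppressions=my_suppressions.txt

In your particular case, because of the <unknown module> entries, it may be hard to find a suitable string to match on. Passing -fno-omit-frame-pointer to the compiler may help to get better stack traces (this is helpful during debugging).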
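
One way to preview what a suppressions file would hide before relying on it, added here as an example (not code from the answer or from the sanitizer project): it parses a saved report in the format shown in the question and applies `leak:<pattern>` rules as plain substring matches. The function names, the abridged sample report and the treatment of `<unknown module>` frames as having nothing to match are assumptions of this sketch; LeakSanitizer's own matcher may differ in details.

```python
import re

# Constructed sample: two entries in the format of the report in the question.
REPORT = """\
Direct leak of 72704 byte(s) in 1 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x7f3ab2f8690d  (<unknown module>)
    #2 0x7f3ab2f50525  (<unknown module>)

Direct leak of 256 byte(s) in 1 object(s) allocated from:
    #0 0x7f3ace944ada in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x562db822861c in RenderHandler::RenderHandler() ../Src/main.cpp:68
    #2 0x562db8226ee2 in main ../Src/main.cpp:200
    #3 0x7f3acdf61ee2 in __libc_start_main (/usr/lib/libc.so.6+0x26ee2)
"""

# Frame line: "#N 0xADDR [in FUNCTION] LOCATION"
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+(?:in\s+)?(.*)$")

def parse_leaks(report):
    """Return a list of (header, [frame_text, ...]), one entry per reported leak."""
    leaks = []
    for line in report.splitlines():
        if line.startswith(("Direct leak", "Indirect leak")):
            leaks.append((line, []))
        elif leaks and (m := FRAME.match(line)):
            text = m.group(1).strip()
            # Assumption: an unsymbolized frame offers no name to match against.
            leaks[-1][1].append("" if "<unknown module>" in text else text)
    return leaks

def load_rules(text):
    """Patterns from 'leak:<pattern>' lines; blanks, comments, empty rules skipped."""
    lines = (l.strip() for l in text.splitlines())
    return [l[5:] for l in lines if l.startswith("leak:") and len(l) > 5]

def remaining(report, suppressions):
    """Headers of the leaks that no rule matches (substring match on any frame)."""
    rules = load_rules(suppressions)
    return [hdr for hdr, frames in parse_leaks(report)
            if not any(r in f for r in rules for f in frames)]

if __name__ == "__main__":
    # A pattern that is too broad also hides the leak you care about:
    # every stack that passes through main contains a libc.so frame.
    for rule in ("leak:RenderHandler", "leak:libc.so"):
        print(rule, "->", remaining(REPORT, rule))
```

Run it against a saved report and a candidate suppressions file to check that the leaks in your own code still appear in the output.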