首页 > 其他分享 >docker中测试Address Sanitizer

docker中测试Address Sanitizer

时间:2023-07-09 10:36:05浏览次数:53  
标签:redzone 00 Sanitizer HelloWorld --- Address docker Stack

原文地址:https://www.cnblogs.com/liqinglucky/p/address-sanitizer-in-docker.html

Docker只是提供了一个运行环境,Docker里的程序集成Address Sanitizer与Linux环境编译相比并不需要做任何额外改动。

源代码:liqinglucky/DockerHelloWorld - 码云 - 开源中国 (gitee.com)

一、代码

在编译程序时加上编译参数-fsanitize=address

RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp

HelloWorld.cpp加上测试代码

int a1[10] = {0};
std::cout << a1[11];

二、编译

DockerHelloWorld# docker build -f ./Dockerfile -t hello:v1 .

Sending build context to Docker daemon  84.99kB
Step 1/5 : FROM gcc:4.9
 ---> 1b3de68a7ff8
Step 2/5 : COPY . /HelloWorld
 ---> f366acaf4880
Step 3/5 : WORKDIR /HelloWorld
 ---> Running in 70f174f6c268
Removing intermediate container 70f174f6c268
 ---> 14de1dc480b4
Step 4/5 : RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp
 ---> Running in 46a451258fa1
Removing intermediate container 46a451258fa1
 ---> c363c617f6e2
Step 5/5 : CMD ["./HelloWorld"]
 ---> Running in d2b6baf583b0
Removing intermediate container d2b6baf583b0
 ---> d5e6979e98e1
Successfully built d5e6979e98e1
Successfully tagged hello:v1

三、测试

# docker run hello:v1
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff655d1f3c at pc 0x400cae bp 0x7fff655d1ed0 sp 0x7fff655d1ec8
READ of size 4 at 0x7fff655d1f3c thread T0
    #0 0x400cad in main /HelloWorld/HelloWorld.cpp:12
    #1 0x7fb055e0cb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #2 0x400ac8 (/HelloWorld/HelloWorld+0x400ac8)

Address 0x7fff655d1f3c is located in stack of thread T0 at offset 76 in frame
    #0 0x400ba5 in main /HelloWorld/HelloWorld.cpp:4

  This frame has 1 object(s):
    [32, 72) 'a1' <== Memory access at offset 76 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /HelloWorld/HelloWorld.cpp:12 main
Shadow bytes around the buggy address:
  0x10006cab2390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10006cab23e0: f1 f1 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00
  0x10006cab23f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==1==ABORTING

可以看到Address Sanitizer的Log就说明Docker里程序集成Address Sanitizer编译成功!

标签:redzone,00,Sanitizer,HelloWorld,---,Address,docker,Stack
From: https://www.cnblogs.com/liqinglucky/p/address-sanitizer-in-docker.html

相关文章

  • ubuntu18.04 搭建docker 环境
    1.安装docker环境1.1安装docker容器sudoaptinstalldocker.iosudosystemctlstatusdocke#获取docker状态sudosystemctlstartdocker#启动dockersudosystemctlstopdocker#停止docker1.2将添加docker用户组(重启生效)sudogroupadddockersudogpasswd......
  • Docker容器 命令
     查看容器状态 正在运行的容器dockerps 查看所有容器dockerps-a 启动容器  1、直接运行,这种会铺满窗口,并且不能其它操作,按ctrl+c终止进程dockerruntomcat 2、后台运行  -p 后面两个8080,第一个8080为对外访问端口,第......
  • ubuntu 通过软链接的方式修改 Docker 镜像默认存储位置以防止空间占满
    和之前的修改conda存储位置一样,我们同样可以通过软链接的方式,修改存储位置。前文:https://www.cnblogs.com/odesey/p/17218519.htmlhttps://www.cnblogs.com/odesey/p/17512848.html默认情况下Docker容器的存放位置在/var/lib/docker目录下面,可以通过下面命令查看具体......
  • 从docker hub上拉取镜像nginx、tomcat实例
     可以从百度上搜索dockerhub,进入网站:https://hub-stage.docker.com/search?q=tomcat  查看不同镜像版本 查看镜像命令,以下两种均可dockerimagelsdockerimages拉取tomcat镜像,如不指定版本,默认拉取最近的 dockerpulltomcat拉取指定版本tomcat......
  • 用容器部署Nexus 3作为Nuget和Docker的仓库
    1、准备docker-compose的配置文件version:'3'services:nexus:image:'sonatype/nexus3:3.42.0'container_name:nexusrestart:alwayshostname:nuget.dudusoft.cnprivileged:trueenvironment:-TZ=Asia/Shanghai......
  • 云原生之使用Docker部署Dailynotes个人笔记管理工具
    (云原生之使用Docker部署Dailynotes个人笔记管理工具)一、Dailynotes介绍DailyNotes用于每天记笔记和跟踪任务的应用程序。本工具使用markdown进行编辑,也可以作为个人任务看板。二、检查本地docker环境1.检查docker版本[root@jeven~]#docker-vDockerversion20.10.21......
  • 用Dockers搭建DNS服务器
    1、Docker-Compose的配置文件用vi编辑器,创建文件:vidocker-compose.yml内容如下:version:'3.6'networks:main:ipam:config:-subnet:10.10.1.0/24services:web:image:'sameersbn/bind:9.16.1-20200524'container_nam......
  • docker
    安装Docker安装Docker有三种方法,这里只用repository安装,更详细的安装方法可以看官方文档。1.1添加repository首先更新apt:sudoapt-getupdate安装一些包让apt可以通过https使用repository:sudoapt-getinstallapt-transport-httpsca-certificatescurlgnup......
  • docker 安装pgsq
    1、拉镜像(指定版本或者不指定)dockerpullpostgresdockerpullpostgres:10.21-alpine2、根据镜像创建容器dockerrun-d-p5432:5432-vd:/mydata/postgres:/mydata/postgres/pgdata-ePOSTGRES_PASSWORD=123456--namepgsqlpostgres参数说明:-d:表示在后台运行容器;-......
  • docker配置阿里云镜像加速器
      首先登录阿里云服务器,每个账号都有一个镜像加速地址,并且这个地址可以共用 sudomkdir-p/etc/dockersudotee/etc/docker/daemon.json<<-'EOF'{"registry-mirrors":["https://6e4l5boa.mirror.aliyuncs.com"]}EOFsudosystemctldaemon-reloadsud......