Nytro

Memory Corruption – Debugging Tools in Linux

[h=1]Memory Corruption – Debugging Tools in Linux[/h]

13 hours ago by Rupali

In part I, we learned about memory corruption and its probable causes. There is now a plethora of Linux tools available to combat memory corruption issues. These tools help a great deal in detecting memory corruption and resolving it. In this article we will cover 3 popular open source tools for debugging memory corruption problems on Linux.

NOTE – Information related to installation of debugging tools is Ubuntu specific.

[h=2]Memory Corruption Debugging Tools[/h]

[h=3]1. Electric Fence[/h]

Electric Fence is a memory debugger, sometimes also called a malloc debugger, as it detects memory corruption related to memory allocated by malloc(). It excels at detecting two kinds of programming issues related to heap memory corruption:

  1. A buffer overrun of memory allocated by ‘malloc()’.
  2. Access to memory that has been freed by ‘free()’. Electric Fence detects even a read access, as well as a write.

To use it, we run our executable in a debugger with Electric Fence linked in. Electric Fence makes the program fault at the exact point where an access goes beyond the bounds of a malloc-ed buffer, or touches memory that has already been freed. The error raised by Electric Fence therefore tells us which statement is attempting to corrupt memory.

In short, the crash point is moved to the precise location of the first invalid memory read or write, which helps us determine where the memory corruption is taking place. With gdb alone we see the crash wherever it eventually happens; with efence, the crash location changes to where the corruption happens.

To begin with, we will see how to set up electric fence.

The following command installs the open source tool on an Ubuntu system.

$ sudo apt-get install electric-fence

However, one can also install electric-fence through synaptic or aptitude.

Once installed, one can see that it is a library which contains overloaded definitions of malloc(), free(), calloc(), and other such memory related APIs which are generally available in libc.

The way it works is that efence places an inaccessible page after each memory block allocated by ‘malloc()’, for which it uses the virtual memory hardware of the system. Once we go beyond the allocated memory, it detects the invalid access and triggers the error.
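The guard-page mechanism described above, as an added sketch that is not Electric Fence's source and not code from the original article. The names `guard_malloc`, `guard_free` and `write_faults` are hypothetical, and a signal handler stands in for the debugger so the fault can be observed and reported.

```c
#define _DEFAULT_SOURCE                 /* for MAP_ANONYMOUS on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Return a block whose last byte sits directly before a PROT_NONE guard page.
 * Assumption: size is non-zero and a multiple of the element alignment. */
void *guard_malloc(size_t size) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE), n = (size + page - 1) / page;
    char *base = mmap(NULL, (n + 1) * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + n * page, page, PROT_NONE) != 0) { munmap(base, (n + 1) * page); return NULL; }
    return base + n * page - size;      /* block ends where the guard page begins */
}

/* Keep the mapping but revoke all access, so any later read or write faults. */
int guard_free(void *p, size_t size) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE), n = (size + page - 1) / page;
    return mprotect((char *)p + size - n * page, n * page, PROT_NONE);
}

/* Returns 1 if storing to *p raises SIGSEGV/SIGBUS, 0 if the store succeeds. */
int write_faults(volatile int *p) {
    struct sigaction sa = {0}, old_segv, old_bus;
    volatile int faulted = 0;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_jmp, 1) == 0) *p = -1; else faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL); /* restore the previous handlers */
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

int main(void) {
    int *pData = guard_malloc(12 * sizeof(int));   /* constructed size */
    if (!pData) return 1;
    printf("in bounds: %d, overrun: %d\n", write_faults(&pData[11]), write_faults(&pData[12]));
    printf("after free: %d\n", (guard_free(pData, 12 * sizeof(int)), write_faults(&pData[0])));
    return 0;
}
```

Each allocation costs at least two pages here, which is why this approach suits debugging runs rather than production builds.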

To use Electric Fence, just compile the sources with the ‘-g’ debug option and link them against the efence library.

Let's take our old heap corruption example, which looks like this:

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int *pData = NULL;
    int num = 12;

    pData = (int*) malloc (num * sizeof (int));
    //...do stuff, use the memory
    free(pData);

    /* Intentional bug: write through a pointer that was already freed */
    pData[0] = -1;

    pData = (int*) malloc (num * sizeof (int));
    //...do stuff, use the memory
    free(pData);
    return 0;
}

Here is how we now compile the executable using efence:

$ gcc -g -Wall  heapcorrupt.c -o heapcorrupt   -lefence

It's essential to understand that, with the above linking, we are asking the final built executable to use the symbols ‘malloc’ and ‘free’ from the libefence library rather than from libc. For me, the libefence library is placed at

/usr/lib/

In certain cases, if gcc is still using libc definitions, try giving the path to the library in the compilation options.

Let's confirm that our binary is using the required ‘malloc’ and ‘free’ symbols with the ‘nm’ tool, which lists all the symbols.

$ nm -a heapcorrupt | grep malloc

U malloc

Full article:

http://mylinuxbook.com/debugging-linux-memory-corruption/
