Skip to content

[LAB5] 512558012 #607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

[LAB5] 512558012 #607

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 57 additions & 11 deletions lab5/Answer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,34 @@
# Answer

Name:
ID:
Name: [黃崇銘]
ID: [512558012]

## Test Valgrind and ASan
### Result
| | Valgrind | Asan |
| -------------------- | -------- | ---- |
| Heap out-of-bounds | | |
| Stack out-of-bounds | | |
| Global out-of-bounds | | |
| Use-after-free | | |
| Use-after-return | | |
| Vulnerability | Result (Valgrind) | Result (ASan) |
|---------------------|-------------------|---------------|
| Heap out-of-bounds | Detected | Detected |
| Stack out-of-bounds | Detected | Detected |
| Global out-of-bounds| Detected | Detected |
| Use-after-free | Detected | Detected |
| Use-after-return | Detected | Detected |

### Heap out-of-bounds
**Source code**:
```c
#include <stdlib.h>

void heap_out_of_bounds() {
int *arr = malloc(10 * sizeof(int));
arr[10] = 0; // 越界寫
free(arr);
}

#### Source code
```

void stack_out_of_bounds() {
int arr[10];
arr[10] = 0; // 越界寫
}
```
#### Valgrind Report
```
Expand All @@ -30,6 +42,11 @@ ID:
### Stack out-of-bounds
#### Source code
```
int global_arr[10];

void global_out_of_bounds() {
global_arr[10] = 0; // 越界寫
}

```
#### Valgrind Report
Expand All @@ -44,6 +61,13 @@ ID:
### Global out-of-bounds
#### Source code
```
#include <stdlib.h>

void use_after_free() {
int *arr = malloc(10 * sizeof(int));
free(arr);
arr[0] = 0; // 使用已釋放內存
}

```
#### Valgrind Report
Expand All @@ -58,6 +82,17 @@ ID:
### Use-after-free
#### Source code
```
int *ptr;

void use_after_return_helper() {
int local_arr[10];
ptr = &local_arr[0];
}

void use_after_return() {
use_after_return_helper();
ptr[0] = 0; // 使用返回後的局部變量
}

```
#### Valgrind Report
Expand All @@ -72,6 +107,12 @@ ID:
### Use-after-return
#### Source code
```
void bypass_redzone() {
int arr1[8];
int arr2[8];
*((volatile int *)(&arr1[8])) = 0; // 繞過紅區寫
}


```
#### Valgrind Report
Expand All @@ -90,3 +131,8 @@ ID:
```
### Why

void bypass_redzone() {
int arr1[8];
int arr2[8];
*((volatile int *)(&arr1[8])) = 0; // 繞過紅區寫
}