Add dump case - Githubissues

paranlee commented 1 year ago

This is something I can think of to add now.

stack overflow by recursive function
file close after read
file open with not close
heap overflow
write access code area
concurrency list dirty
null dereference
dlopend funtion access after dlclose

austindhkim commented 1 year ago

The items listed above are very useful to perform userspace debugging as well as false positive test.

paranlee commented 1 year ago

1. non terminated ‘\0’ string

paranlee commented 1 year ago

1. free after freed

paranlee commented 1 year ago

1. stack overflow by too much member of struct

paranlee commented 1 year ago

1. invalid casted function pointer with wrong arguments

paranlee commented 1 year ago

Hello @austindhkim. I attached First version of LUDTM. I made a ludtm with debug symbol(See Makefile). I attached a ludtm with debug symboled.

da23df2ae0bfc3b3d17dadeb7c2a95f7841ec714
ludtm-dump.zip
reference
- https://m.blog.naver.com/ljsk139/220822010792

paranlee commented 1 year ago

@austindhkim We can debugging like this...

kim@raspberrypi:~/ludtm $ ls
'(000-segfault)core-ludtm.1168687.raspberrypi.1691421378'                   LICENSE
'(001-null_dereference)core-ludtm.1168743.raspberrypi.1691421383'           Makefile
'(002-write_weired_area)core-ludtm.1168764.raspberrypi.1691421387'          README.md
'(003-stack_corruption)core-ludtm.1168814.raspberrypi.1691421392'           list.c
'(004-stack_overflow_recursive)core-ludtm.1168840.raspberrypi.1691421396'   list.h
'(005-stack_overflow_oversize)core-ludtm.1168866.raspberrypi.1691421401'    ludtm
'(006-heap_overflow)core-ludtm.1168892.raspberrypi.1691421405'              ludtm-dump
'(007-mem_leak)core-ludtm.1168918.raspberrypi.1691421409'                   ludtm-dump.tar
'(008-double_free)core-ludtm.1168966.raspberrypi.1691421413'                ludtm-dump.zip
'(009-list_concurrency)core-ludtm.1168992.raspberrypi.1691421417'           ludtm.c
'(010-wrong_funtion_pointer)core-ludtm.1169020.raspberrypi.1691421420'      main.c

kim@raspberrypi:~/ludtm $ gdb -c '(009-list_concurrency)core-ludtm.1168992.raspberrypi.1691421417' ludtm

Reading symbols from ludtm...
[New LWP 1168993]
[New LWP 1168994]
[New LWP 1168992]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
Core was generated by `./ludtm list_concurrency'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00000055576d10c0 in __list_add (new=0x7f9c000b60, prev=0x0, next=0x55576e31e8 <dirty_list>) at list.h:87
87          prev->next = new;
[Current thread is 1 (Thread 0x7fa14521c0 (LWP 1168993))]
gef➤  bt
#0  0x00000055576d10c0 in __list_add (new=0x7f9c000b60, prev=0x0, next=0x55576e31e8 <dirty_list>) at list.h:87
#1  0x00000055576d10f8 in list_add_tail (new=0x7f9c000b60, head=0x55576e31e8 <dirty_list>) at list.h:113
#2  0x00000055576d1714 in append (ptr=0x55576e31e8 <dirty_list>, str=0x55576d2388 "austindh.kim@gmail.com", val=0x1) at ludtm.c:226
#3  0x00000055576d1a14 in list_concurrency_dirty_thrd (thr_id=0x0) at ludtm.c:318
#4  0x0000007fa15cf584 in start_thread (arg=0x7fa1451ac0) at pthread_create.c:474
#5  0x0000007fa1525c1c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

paranlee commented 1 year ago

We need dump cases when ignored calling conventions.

paranlee / ludtm

Add dump case #1