10.2. Using memstomp

To run the memstomp utility on a program you want to analyze, type the following at a shell prompt:
scl enable devtoolset-4 'memstomp program [argument...]'
To immediately terminate the analyzed program when a problem is detected, run the utility with the --kill (or -k for short) command line option:
scl enable devtoolset-4 'memstomp --kill program [argument...]'
The use of the --kill option is especially recommended if you are analyzing a multi-threaded program; the internal implementation of backtraces is not thread-safe and running the memstomp utility on a multi-threaded program without this command line option can therefore produce unreliable results.
Additionally, if you have compiled the analyzed program with the debugging information or this debugging information is available to you, you can use the --debug-info (or -d) command line option to produce a more detailed backtrace:
scl enable devtoolset-4 'memstomp --debug-info program [argument...]'
For detailed instructions on how to compile your program with the debugging information built in the binary file, see Section 7.2, “Preparing a Program for Debugging”. For information on how to install debugging information for any of the Red Hat Developer Toolset packages, see Section 1.5.4, “Installing Debugging Information”.
Note that you can execute any command using the scl utility, causing it to be run with the Red Hat Developer Toolset binaries used in preference to the Red Hat Enterprise Linux system equivalent. This allows you to run a shell session with Red Hat Developer Toolset memstomp as default:
scl enable devtoolset-4 'bash'

Example 10.1. Using memstomp

In the current working directory, create a source file named employee.c with the following contents:
#include <stdio.h>
#include <string.h>

#define BUFSIZE 80

int main(int argc, char *argv[]) {
  char employee[BUFSIZE] = "John,Doe,john@example.com";
  char name[BUFSIZE] = {0};
  char surname[BUFSIZE] = {0};
  char *email;
  size_t length;

  /* Extract the information: */
  memccpy(name, employee, ',', BUFSIZE);
  length = strlen(name);
  memccpy(surname, employee + length, ',', BUFSIZE);
  length += strlen(surname);
  email = employee + length;

  /* Compose the new entry: */
  strcat(employee, surname);
  strcpy(employee, name);
  strcat(employee, email);

  /* Print the result: */
  puts(employee);

  return 0;
}
Compile this program into a binary file named employee by using the following command:
~]$ scl enable devtoolset-4 'gcc -rdynamic -g -o employee employee.c'
To identify erroneous function calls with overlapping memory regions, type:
~]$ scl enable devtoolset-4 'memstomp --debug-info ./employee'
memstomp: 0.1.4 successfully initialized for process employee (pid 14887).


strcat(dest=0x7fff13afc265, src=0x7fff13afc269, bytes=21) overlap for employee(14887)
        ??:0    strcpy()
        ??:0    strcpy()
        ??:0    _Exit()
        ??:0    strcat()
        employee.c:26   main()
        ??:0    __libc_start_main()
        ??:0    _start()
John,john@example.comDoe,