Chapter 10. memstomp

memstomp is a command line tool that can be used to identify function calls with overlapping memory regions in situations when such an overlap is not permitted by various standards. It intercepts calls to the library functions listed in Table 10.1, “Function Calls Inspected by memstomp” and for each memory overlap, it displays a detailed backtrace to help you debug the problem.

Similarly to Valgrind, the memstomp utility inspects applications without the need to recompile them. However, it is much faster than Valgrind and therefore serves as a convenient alternative to it.

Red Hat Developer Toolset is distributed with memstomp 0.1.5.

Table 10.1. Function Calls Inspected by memstomp

Function | Description
memcpy | Copies n bytes from one memory area to another and returns a pointer to the second memory area.
memccpy | Copies a maximum of n bytes from one memory area to another and stops when a certain character is found. It either returns a pointer to the byte following the last written byte, or NULL if the given character is not found.
mempcpy | Copies n bytes from one memory area to another and returns a pointer to the byte following the last written byte.
strcpy | Copies a string from one memory area to another and returns a pointer to the second string.
stpcpy | Copies a string from one memory area to another and returns a pointer to the terminating null byte of the second string.
strncpy | Copies a maximum of n characters from one string to another and returns a pointer to the second string.
stpncpy | Copies a maximum of n characters from one string to another. It either returns a pointer to the terminating null byte of the second string, or if the string is not null-terminated, a pointer to the byte following the last written byte.
strcat | Appends one string to another while overwriting the terminating null byte of the second string and adding a new one at its end. It returns a pointer to the new string.
strncat | Appends a maximum of n characters from one string to another while overwriting the terminating null byte of the second string and adding a new one at its end. It returns a pointer to the new string.
wmemcpy | The wide-character equivalent of the memcpy() function that copies n wide characters from one array to another and returns a pointer to the second array.
wmempcpy | The wide-character equivalent of the mempcpy() function that copies n wide characters from one array to another and returns a pointer to the byte following the last written wide character.
wcscpy | The wide-character equivalent of the strcpy() function that copies a wide-character string from one array to another and returns a pointer to the second array.
wcsncpy | The wide-character equivalent of the strncpy() function that copies a maximum of n wide characters from one array to another and returns a pointer to the second string.
wcscat | The wide-character equivalent of the strcat() function that appends one wide-character string to another while overwriting the terminating null byte of the second string and adding a new one at its end. It returns a pointer to the new string.
wcsncat | The wide-character equivalent of the strncat() function that appends a maximum of n wide characters from one array to another while overwriting the terminating null byte of the second wide-character string and adding a new one at its end. It returns a pointer to the new string.

10.1. Installing memstomp

In Red Hat Developer Toolset, the memstomp utility is provided by the devtoolset-7-memstomp package and is automatically installed with devtoolset-7-toolchain as described in Section 1.5, “Installing Red Hat Developer Toolset”.

10.2. Using memstomp

To run the memstomp utility on a program you want to analyze:

$ scl enable devtoolset-7 'memstomp program argument...'

To immediately terminate the analyzed program when a problem is detected, run the utility with the --kill (or -k for short) command line option:

$ scl enable devtoolset-7 'memstomp --kill program argument...'

The use of the --kill option is especially recommended if you are analyzing a multi-threaded program; the internal implementation of backtraces is not thread-safe and running the memstomp utility on a multi-threaded program without this command line option can therefore produce unreliable results.

Additionally, if you have compiled the analyzed program with debugging information, or the debugging information is otherwise available to you, you can use the --debug-info (or -d) command line option to produce a more detailed backtrace:

$ scl enable devtoolset-7 'memstomp --debug-info program argument...'

For detailed instructions on how to compile your program with the debugging information built in the binary file, see Section 7.2, “Preparing a Program for Debugging”. For information on how to install debugging information for any of the Red Hat Developer Toolset packages, see Section 1.5.4, “Installing Debugging Information”.

Note that you can execute any command using the scl utility, causing it to be run with the Red Hat Developer Toolset binaries used in preference to the Red Hat Enterprise Linux system equivalent. This allows you to run a shell session with Red Hat Developer Toolset memstomp as default:

$ scl enable devtoolset-7 'bash'

Example 10.1. Using memstomp

In the current working directory, create a source file named employee.c with the following contents:

#include <stdio.h>
#include <string.h>

#define BUFSIZE 80

int main(int argc, char *argv[]) {
  char employee[BUFSIZE] = "John,Doe,john@example.com";
  char name[BUFSIZE] = {0};
  char surname[BUFSIZE] = {0};
  char *email;
  size_t length;

  /* Extract the information: */
  memccpy(name, employee, ',', BUFSIZE);
  length = strlen(name);
  memccpy(surname, employee + length, ',', BUFSIZE);
  length += strlen(surname);
  email = employee + length;

  /* Compose the new entry: */
  strcat(employee, surname);
  strcpy(employee, name);
  strcat(employee, email);

  /* Print the result: */
  puts(employee);

  return 0;
}

Compile this program into a binary file named employee:

$ scl enable devtoolset-7 'gcc -rdynamic -g -o employee employee.c'

To identify erroneous function calls with overlapping memory regions:

$ scl enable devtoolset-7 'memstomp --debug-info ./employee'
memstomp: 0.1.4 successfully initialized for process employee (pid 14887).

strcat(dest=0x7fff13afc265, src=0x7fff13afc269, bytes=21) overlap for employee(14887)
        ??:0    strcpy()
        ??:0    strcpy()
        ??:0    _Exit()
        ??:0    strcat()
        employee.c:26   main()
        ??:0    __libc_start_main()
        ??:0    _start()
John,john@example.comDoe,
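
The report flags the final strcat() call in main(): its destination (employee + 5, the end of "John,") and its source (email, employee + 9) lie in the same buffer. The following added example, which is not part of the original guide or of memstomp itself, applies the overlap condition to the reported values and shows one way to compose the same entry without overlapping copies; the function names regions_overlap and reorder_entry are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUFSIZE 80

/* Hypothetical helper (not memstomp's code): half-open ranges [a, a+n) and
 * [b, b+n) overlap when each starts before the other ends. Addresses are
 * compared as integers because relational operators on pointers into
 * different objects are undefined in C. */
static int regions_overlap(const void *a, const void *b, size_t n) {
  uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
  return n != 0 && x < y + n && y < x + n;
}

/* Hypothetical replacement for the strcat/strcpy/strcat sequence: rewrites
 * "name,surname,email" as "name," + email + "surname," by composing in a
 * scratch buffer, so no call copies between overlapping regions.
 * Returns 0 on success, -1 on malformed input or insufficient space. */
static int reorder_entry(char *entry, size_t size) {
  char out[BUFSIZE];
  const char *c1 = strchr(entry, ',');
  const char *c2 = c1 ? strchr(c1 + 1, ',') : NULL;
  if (c2 == NULL)
    return -1;
  int n = snprintf(out, sizeof out, "%.*s%s%.*s",
                   (int)(c1 - entry + 1), entry, /* "John," */
                   c2 + 1,                       /* "john@example.com" */
                   (int)(c2 - c1), c1 + 1);      /* "Doe," */
  if (n < 0 || (size_t)n >= sizeof out || (size_t)n >= size)
    return -1;
  memcpy(entry, out, (size_t)n + 1); /* out and entry are distinct objects */
  return 0;
}

int main(void) {
  char employee[BUFSIZE] = "John,Doe,john@example.com";
  /* dest, src and bytes as in the strcat() report: employee+5, employee+9, 21 */
  printf("reported call overlaps: %d\n",
         regions_overlap(employee + 5, employee + 9, 21));
  if (reorder_entry(employee, sizeof employee) == 0)
    puts(employee);
  return 0;
}
```

Running this version under memstomp should produce no overlap report, because every copy has its source and destination in different objects.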

10.3. Additional Resources

A detailed description of memstomp and its features is beyond the scope of this book. For more information, see the resources listed below.

Installed Documentation

  • memstomp(1) — The manual page for the memstomp utility provides detailed information about its usage. To display the manual page for the version included in Red Hat Developer Toolset:

    $ scl enable devtoolset-7 'man memstomp'

See Also

  • Chapter 1, Red Hat Developer Toolset — An overview of Red Hat Developer Toolset and more information on how to install it on your system.
  • Chapter 7, GNU Debugger (GDB) — Instructions on debugging programs written in C, C++, and Fortran.
  • Chapter 8, strace — Instructions on using the strace utility to monitor system calls that a program uses and signals it receives.
  • Chapter 12, Valgrind — Instructions on using the Valgrind tool to profile applications and detect memory errors and memory management problems, such as the use of uninitialized memory, improper allocation and freeing of memory, and the use of improper arguments in system calls.