c++stack-smash

How to debug 'Stack smashing detected'?


I have a complex c++ code. It's a FastCGI program, using the FastCGI C++ Class library.

When I ask it for a very looooong url, I get:

*** stack smashing detected ***: ./tileserve terminated
Erreur de segmentation

For real life applications, it's not an issue since I never use so long URLs, but this means that anyone could terminate my server... I don't like that.

Is there a tool to find out where this problem appears? How do I use it?

EDIT: SOLVED

I was doing this:

int len;
char uri[200];

len = strlen(request.params[std::string("REQUEST_URI")].c_str());
printf("%d\n", len);

if (len > 200) return 1;

strcpy(uri, request.params[std::string("REQUEST_URI")].c_str());

Looks like 200 was too high for the len test. It actually fails at 194.

So instead I did this:

if (len > 190) return 1;

Now, it's fine.


Solution

  • If you read the website you will realize that this is a simple C++ wrapper over a C library.

    A typical issue with C library are buffer overruns:

    #include <cstring>
    #include <cstdio>
    
    int main(int argc, char* argv[]) {
      char buffer[16]; // ought to be sufficient
    
      strcpy(buffer, argv[1]);
      printf("%s", buffer);
    }
    

    Try this program:

    > ./test "a"
    a
    > ./test "abcdefghijklmnoprqstuvwxyz"
    ???
    

    Because the buffer can only contain 16 characters, the remaining characters will be written past its end. This is stack smashing, and undefined behavior.

    A number of implementations of either the runtime library or your OS may detect this situation in some conditions and terminate the program.

    Either you are doing something wrong or the library is.

    To locate the issue, you could use Valgrind or run your program in a debugger. Alternatively, if your system allows it, you might have a memory dump at the moment the program was killed. You can also view this memory dump in a debugger.