free() on a wild (dangling) pointer

Posted by 枝桠


The gdb backtrace is as follows:

 1 Program received signal SIGABRT, Aborted.
 2 0xb67683c0 in raise () from /lib/libc.so.0
 3 (gdb) p cmd
 4 No symbol "cmd" in current context.
 5 (gdb) bt
 6 #0  0xb67683c0 in raise () from /lib/libc.so.0
 7 #1  0xb6762bfc in abort () from /lib/libc.so.0
 8 #2  0xb67626a8 in free () from /lib/libc.so.0
 9 #3  0xb6a8a6dc in cmd_matcher_match_keyword (matcher=0xbeac7080, token=0x917690, argc=0xbeac7698, argv=0xbeac7634)
10     at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2051
11 #4  0xb6a8a97c in cmd_element_match (cmd_element=0xb65d02ec, filter=FILTER_RELAXED, vline=0x8ec160, index=4294967295,
12     match_type=0x0, match=0x0, argc=0xbeac7698, argv=0xbeac7634)
13     at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2122
14 #5  0xb6a8ace4 in cmd_parse (cmd_element=0xb65d02ec, vline=0x8ec160, argc=0xbeac7698, argv=0xbeac7634)
15     at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2252
16 #6  0xb6a8d680 in cmd_execute_command_real (vline=0x8ec160, filter=FILTER_RELAXED, vty=0x8dd290, cmd=0xbeac7798)
17     at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:3544
18 #7  0xb6a8e564 in cmd_execute_command (vline=0x8ec160, vty=0x8dd290, cmd=0xbeac7798, vtysh=1)
19     at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:3733
20 #8  0x000278f0 in vtysh_execute_func (line=0x977c8f "snmp-server host 10.54.88.108 inform version v2c community a3 port 162",
21     pager=1) at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh.c:440
22 #9  0x00027ec0 in vtysh_execute (line=0x977c8f "snmp-server host 10.54.88.108 inform version v2c community a3 port 162")
23     at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh.c:661
24 #10 0x00025e80 in s_process_cli_cmd (buf=0x985860, len=109, msg=0x0, proxy_hdr=0x98581c)
25     at /Source_route/wns/apps/openswitch_ori/ops-cli/vtysh/vtysh_main.c:353
26 #11 0xb6a29a28 in ?? () from /wns/lib/libwns_ipc.so
27 #12 0xb6a29a28 in ?? () from /wns/lib/libwns_ipc.so
28 Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Look at lines 2 and 3 of the backtrace (frames #2 and #3): free() aborted while being called from cmd_matcher_match_keyword. There are two possible causes: freeing a wild (dangling) pointer, or a double free (which is what creates the wild pointer in the first place).

So go back through the preceding code, find where the free() call is made, and comment it out directly.
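The two failure modes named above (a dangling pointer passed to free(), and a double free) are easiest to see in a small reproduction. The following is an added example, not code from the original post or from the ops-cli project: a hypothetical token record with a heap-owned text buffer, released by two cleanup paths that each believe they own it, which is the shape of bug that ends in abort() inside free(). The release helper frees the buffer and clears the variable in one step, so the second call finds NULL (which free() ignores) instead of a stale address. All names here (token, token_release_text, cleanup_twice) are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example; not from the original page or from ops-cli.
   free() the object and clear the variable that held it, in one step,
   so a later free() on the same variable sees NULL rather than a
   dangling address. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

/* Hypothetical token record standing in for the CLI parser's keyword token. */
struct token {
    char *text;   /* heap-owned copy of the keyword */
};

/* Allocate a token holding its own copy of s; NULL on allocation failure. */
struct token *token_new(const char *s) {
    struct token *t = malloc(sizeof *t);
    if (!t) return NULL;
    size_t n = strlen(s) + 1;
    t->text = malloc(n);
    if (!t->text) { free(t); return NULL; }
    memcpy(t->text, s, n);
    return t;
}

/* Release the text buffer. Returns 1 if memory was actually freed,
   0 if the field was already NULL (nothing to do, and no crash). */
int token_release_text(struct token *t) {
    if (!t || !t->text) return 0;
    FREE_AND_NULL(t->text);
    return 1;
}

/* Two cleanup paths that each believe they own t->text: the situation
   that produces abort() in free() in the backtrace above. Because the
   release helper NULLs the field, the second call is a no-op; with a
   plain free(t->text) in both places it would be a double free.
   Returns the number of real frees performed (expected: 1). */
int cleanup_twice(struct token *t) {
    int first = token_release_text(t);
    int second = token_release_text(t);
    return first + second;
}

/* Free the token itself; safe to call with NULL or an already-released text. */
void token_free(struct token *t) {
    if (!t) return;
    token_release_text(t);
    free(t);
}

int main(void) {
    /* Constructed input: the keyword from the command line in the backtrace. */
    struct token *t = token_new("snmp-server");
    if (!t) return 1;
    int frees = cleanup_twice(t);
    printf("real frees: %d, text is %s\n", frees, t->text ? "dangling" : "NULL");
    token_free(t);
    return 0;
}
```

Commenting out one of the free() calls, as the post does, stops the abort but only leaves the program correct if the remaining call is the one that actually owns the buffer; otherwise it trades the crash for a leak. When the owner is unclear, building with -fsanitize=address -g makes glibc's generic "free(): double free" abort into a report that shows both the allocation stack and the first free() stack, which points straight at the two competing owners.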


(gdb) frame 3
#3  0xb6b326dc in cmd_matcher_match_keyword (matcher=0xbec3d080, token=0xb3b690, argc=0xbec3d698, argv=0xbec3d634) at /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c:2051
2051    in /Source_route/wns/apps/openswitch_ori/ops-cli/lib/command.c
(gdb) ptype matcher
type = struct cmd_matcher {
    struct cmd_element *cmd;
    enum filter_type filter;
    vector vline;
    unsigned int index;
    enum match_type *match_type;
    vector *match;
    unsigned int word_index;
} *
(gdb)

Use "frame n" to switch to that stack frame and inspect its details (here: frame 3, then ptype on the matcher argument to see the structure behind the pointer).

