Testing AddressSanitizer in Docker

Published 2023-07-09 10:27:34, author: liqinglucky

Original URL: https://www.cnblogs.com/liqinglucky/p/address-sanitizer-in-docker.html

Docker only provides a runtime environment; building a program with AddressSanitizer inside Docker requires no extra changes compared with building it on an ordinary Linux host.

Source code: liqinglucky/DockerHelloWorld on Gitee (gitee.com)

1. Code

Add the compiler flag -fsanitize=address when building the program (together with -g, so that the sanitizer report carries file names and line numbers):

RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp

Add the following test code to HelloWorld.cpp:

int a1[10] = {0};
std::cout << a1[11];  // reads past the end of a1 (valid indexes are 0..9): the bug ASan should catch

2. Build

DockerHelloWorld# docker build -f ./Dockerfile -t hello:v1 .

Sending build context to Docker daemon  84.99kB
Step 1/5 : FROM gcc:4.9
 ---> 1b3de68a7ff8
Step 2/5 : COPY . /HelloWorld
 ---> f366acaf4880
Step 3/5 : WORKDIR /HelloWorld
 ---> Running in 70f174f6c268
Removing intermediate container 70f174f6c268
 ---> 14de1dc480b4
Step 4/5 : RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp
 ---> Running in 46a451258fa1
Removing intermediate container 46a451258fa1
 ---> c363c617f6e2
Step 5/5 : CMD ["./HelloWorld"]
 ---> Running in d2b6baf583b0
Removing intermediate container d2b6baf583b0
 ---> d5e6979e98e1
Successfully built d5e6979e98e1
Successfully tagged hello:v1

3. Test

# docker run hello:v1
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff655d1f3c at pc 0x400cae bp 0x7fff655d1ed0 sp 0x7fff655d1ec8
READ of size 4 at 0x7fff655d1f3c thread T0
    #0 0x400cad in main /HelloWorld/HelloWorld.cpp:12
    #1 0x7fb055e0cb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
    #2 0x400ac8 (/HelloWorld/HelloWorld+0x400ac8)

Address 0x7fff655d1f3c is located in stack of thread T0 at offset 76 in frame
    #0 0x400ba5 in main /HelloWorld/HelloWorld.cpp:4

  This frame has 1 object(s):
    [32, 72) 'a1' <== Memory access at offset 76 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /HelloWorld/HelloWorld.cpp:12 main
Shadow bytes around the buggy address:
  0x10006cab2390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab23d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10006cab23e0: f1 f1 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00
  0x10006cab23f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10006cab2430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==1==ABORTING

The AddressSanitizer report (a stack-buffer-overflow at HelloWorld.cpp:12, i.e. the out-of-bounds read added above) shows that the program inside Docker was built with AddressSanitizer successfully!
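To turn the manual check above into a repeatable gate, the following script (an added example, not code from the original post or the DockerHelloWorld repository) writes the Dockerfile reconstructed from the five build steps in section 2, builds and runs the image, and fails when the container prints an AddressSanitizer report. The shape of HelloWorld.cpp, the image tag hello:v1, the verdict strings and the function names are assumptions; the parsing relies only on the SUMMARY line that every ASan report ends with, and on the fact that ASan exits the process with a non-zero status by default.

```shell
#!/bin/sh
# Added example (not from the original post): build the image, run it, and
# treat an AddressSanitizer report as a failed check. The Dockerfile is
# reconstructed from the build log in section 2; the source file, image tag
# and verdict names are assumptions made for this example.
set -u

# Write the Dockerfile and the test program into a directory (default: cwd).
write_sources() {
    dir="${1:-.}"
    cat > "$dir/Dockerfile" <<'EOF'
FROM gcc:4.9
COPY . /HelloWorld
WORKDIR /HelloWorld
RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp
CMD ["./HelloWorld"]
EOF
    cat > "$dir/HelloWorld.cpp" <<'EOF'
#include <iostream>
int main() {
    int a1[10] = {0};
    std::cout << a1[11];   // out-of-bounds read on purpose; ASan reports it
    return 0;
}
EOF
}

# Read an ASan report on stdin and print "<kind> <location>" taken from its
# SUMMARY line, e.g. "stack-buffer-overflow /HelloWorld/HelloWorld.cpp:12 main".
# Exit status 0 if a report was found, 1 otherwise.
asan_summary() {
    sed -n 's/^SUMMARY: AddressSanitizer: //p' | head -n 1 | grep .
}

# Map a container's exit status and captured output to a verdict:
#   asan-error -> ASan printed a report (ASan exits with status 1 by default)
#   clean      -> exit status 0 and no report
#   other-fail -> non-zero exit status without an ASan report
verdict_for() {
    status="$1"
    log="$2"
    if printf '%s\n' "$log" | grep -q '^SUMMARY: AddressSanitizer:'; then
        echo asan-error
    elif [ "$status" -eq 0 ]; then
        echo clean
    else
        echo other-fail
    fi
}

# Build the image and run it once; succeed only when the run is clean.
# Returns 2 when docker is unavailable or the build itself fails.
build_and_check() {
    tag="${1:-hello:v1}"
    command -v docker >/dev/null 2>&1 || { echo "docker not found" >&2; return 2; }
    docker build -f ./Dockerfile -t "$tag" . >/dev/null || return 2
    # ASan writes its report to stderr, so capture stderr together with stdout.
    log=$(docker run --rm "$tag" 2>&1)
    status=$?
    verdict=$(verdict_for "$status" "$log")
    printf '%s\n' "$log" | asan_summary
    echo "verdict: $verdict (exit status $status)"
    [ "$verdict" = clean ]
}

# Usage: write_sources . && build_and_check hello:v1
```

Because the sanitizer runtime reads its settings from the ASAN_OPTIONS environment variable, options can be passed to the containerised program with `docker run -e ASAN_OPTIONS=...` without rebuilding the image; the verdict logic above does not depend on them.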