在linux系统下使用内存技术，检测堆越界错误

　　越界监测技术1
　　一般使用c或cpp编程时，堆栈越界访问（read/write）往往会引起很多意想不到的错误，比如延后的进程崩溃等。因此，如果有一种方法，可以让越界访问立即触发系统错误（让进程抛出异常而终止，再生成coredump文件），就可以立即检测出内存越界行为，并将对这种隐藏的错误，及时作出反应，以免在生产环境下造成更大的损失。
　　我们知道，在windows系统下面，我们可以使用VirtualAlloc系列函数，通过申请2页内存，并设置某页的保护参数（比如，可读，可写等），就可以实现类似的保护机制。这样，当我们对新增加的类（数据结构），就可以重载operator new/delete，将类的边界设置到一页的边缘，再将相邻页设置为不可读不可写。这样就能有效监测堆越界读写问题。而且可以，设置某个编译宏，比如PROTECT_CLASSX。演示代码如下：#define ONE_PAGE_SIZE (1024*4) class NewClassX { public:     const static size_t One_Page = ONE_PAGE_SIZE;     static void * operator new (size_t size)     {         void * pOrigin = VirtualAlloc(nullptr, One_Page * 2,                                  MEM_RESERVE, PAGE_READWRITE);         if(pOrigin == nullptr)             return nullptr;                  void * p = VirtualAlloc((BYTE*)pOrigin+One_Page, One_Page,                                  MEM_RESERVE, PAGE_NOACCESS);                  return (BYTE*)p - size;     }     static void operator delete(void * p)     {         NewClassX * obj = (NewClassX*)p;         obj->~NewClassX();         void * pOrigin = (BYTE*)p - (One_Page - sizeof(NewClassX));         VirtualFree(pOrigin);     } //... other operations private:     // private states; }
　　在linux下，则需要借助mmap和mprotect来实现这个机制。具体步骤如下，首先用mmap使用PROT_NONE映射一个特殊文件，比如/dev/zero(或者使用MAP_ANONYMOUS)，然后再用mprotect提交内存。上面的例子，可以继续使用，但是只列出来核心的代码，什么重载操作符就不写了，另外，内存映射文件j句柄最好用内存池来hold，最后在close掉。演示代码只说明大致用法，并不能直接拿来用。void * VirtualAllocInLinux(int fd, size_t size) {     void * pMmstart = mmap(nullptr, 2* One_Page, PROT_READ|PROT_WRITE, fd, 0);     void * p = mprotect((BYTE*)pMmstart+One_Page, One_Page, PROT_NONE);     return (BYTE*)pMmstart + One_Page - size; } void VirtualFreeInLinux(void * p) {     NewClassX * obj = (NewClassX*)p;     obj->~NewClassX();     void * pOrigin = (BYTE*)p + sizeof(NewClassX) - One_Page;     munmap(pOrigin, 2 * One_Page); }
　　下面补充mprotect的用法：#include  #include  #include  #include  #include  #include  #include   #define handle_error(msg)      do { perror(msg); exit(EXIT_FAILURE); } while (0)  char *buffer;  static void handler(int sig, siginfo_t *si, void *unused) {     printf(＂Got SIGSEGV at address: 0x%lx ＂,             (long) si->si_addr);     exit(EXIT_FAILURE); }  int main(int argc, char *argv[]) {     char *p;     int pagesize;     struct sigaction sa;     sa.sa_flags = SA_SIGINFO;     sigemptyset(&sa.sa_mask);     sa.sa_sigaction = handler;     if (sigaction(SIGSEGV, &sa, NULL) == -1)         handle_error(＂sigaction＂);     pagesize = sysconf(_SC_PAGE_SIZE);     if (pagesize == -1)         handle_error(＂sysconf＂);     /* Allocate a buffer aligned on a page boundary;        initial protection is PROT_READ | PROT_WRITE */     buffer = memalign(pagesize, 4 * pagesize);     if (buffer == NULL)         handle_error(＂memalign＂);     printf(＂Start of region:        0x%lx ＂, (long) buffer);     if (mprotect(buffer + pagesize * 2, pagesize,                 PROT_READ) == -1)         handle_error(＂mprotect＂);     for (p = buffer ; ; )         *(p++) = ＂a＂;     printf(＂Loop completed ＂);     /* Should never happen */     exit(EXIT_SUCCESS); }
　　再把mmap函数的用法示例如下：#include  #include  #include  #include  #include  #include  #define handle_error(msg)      do { perror(msg); exit(EXIT_FAILURE); } while (0) int main(int argc, char *argv[]) {     char *addr;     int fd;     struct stat sb;     off_t offset, pa_offset;     size_t length;     ssize_t s;     if (argc < 3 || argc > 4) {         fprintf(stderr, ＂%s file offset [length] ＂, argv[0]);         exit(EXIT_FAILURE);     }     fd = open(argv[1], O_RDONLY);     if (fd == -1)         handle_error(＂open＂);     if (fstat(fd, &sb) == -1)           /* To obtain file size */         handle_error(＂fstat＂);     offset = atoi(argv[2]);     pa_offset = offset & ~(sysconf(_SC_PAGE_SIZE) - 1);         /* offset for mmap() must be page aligned */     if (offset >= sb.st_size) {         fprintf(stderr, ＂offset is past end of file ＂);         exit(EXIT_FAILURE);     }     if (argc == 4) {         length = atoi(argv[3]);         if (offset + length > sb.st_size)             length = sb.st_size - offset;                 /* Canaqt display bytes past end of file */     } else {    /* No length arg ==> display to end of file */         length = sb.st_size - offset;     }     addr = mmap(NULL, length + offset - pa_offset, PROT_READ,                 MAP_PRIVATE, fd, pa_offset);     if (addr == MAP_FAILED)         handle_error(＂mmap＂);     s = write(STDOUT_FILENO, addr + offset - pa_offset, length);     if (s != length) {         if (s == -1)             handle_error(＂write＂);         fprintf(stderr, ＂partial write＂);         exit(EXIT_FAILURE);     }     exit(EXIT_SUCCESS); }