I've found a memory leak in either Boost or Visual Studio 2010. A program as simple as this one leaks:

#include <boost/regex.hpp>
#include <crtdbg.h>   // _CrtMemState, _CrtMemCheckpoint, _CrtMemDumpAllObjectsSince (MSVC debug CRT)

int main()
{
    // Snapshot of the debug heap before the boost object is created
    _CrtMemState state;
    _CrtMemCheckpoint(&state);

    {
        boost::regex my_filter;
        my_filter.set_expression("filter");
    }   // my_filter is destroyed here

    // Dump every block allocated since the checkpoint that is still live
    _CrtMemDumpAllObjectsSince(&state);
    return 0;
}

and it outputs

Dumping objects ->
{174} normal block at 0x00195C28, 1024 bytes long.
 Data: <    8\          > 00 00 00 00 38 5C 19 00 00 00 00 00 00 CD CD CD 
{172} normal block at 0x00195B90, 16 bytes long.
 Data: <  <         pO  > B8 D3 3C 01 01 00 00 00 01 00 00 00 70 4F 19 00 
{171} normal block at 0x00195B48, 8 bytes long.
 Data: < P      > BC 50 19 00 00 00 00 00 
{170} normal block at 0x00195AF8, 16 bytes long.
 Data: <  <         XQ  > E8 D3 3C 01 01 00 00 00 01 00 00 00 58 51 19 00 
{169} normal block at 0x00195A98, 32 bytes long.
 Data: < R   R   R      > 80 52 19 00 80 52 19 00 80 52 19 00 09 0C 00 00 
{168} normal block at 0x00195A48, 20 bytes long.
 Data: < Q   Q   R   Y  > E8 51 19 00 E8 51 19 00 E0 52 19 00 F8 59 19 00 
{167} normal block at 0x001959F8, 16 bytes long.
 Data: < 2=          R  > 94 32 3D 01 02 00 00 00 01 00 00 00 E0 52 19 00 
{158} normal block at 0x00195968, 80 bytes long.
 Data: <hY  hY  hY      > 68 59 19 00 68 59 19 00 68 59 19 00 CD CD CD CD 
{157} normal block at 0x00195920, 8 bytes long.
 Data: < W      > 0C 57 19 00 00 00 00 00 
{156} normal block at 0x001958B0, 52 bytes long.
 Data: < X   X   X      > B0 58 19 00 B0 58 19 00 B0 58 19 00 CD CD CD CD 
{155} normal block at 0x00195868, 8 bytes long.
 Data: < V      > F8 56 19 00 00 00 00 00 
{154} normal block at 0x001957F8, 52 bytes long.
 Data: < W   W   W      > F8 57 19 00 F8 57 19 00 F8 57 19 00 CD CD CD CD 
{153} normal block at 0x001957B0, 8 bytes long.
 Data: < V      > E4 56 19 00 00 00 00 00 
{150} normal block at 0x00195768, 8 bytes long.
 Data: <`3>     > 60 33 3E 01 00 00 00 00 
{149} normal block at 0x001952E0, 1096 bytes long.
 Data: <                > 09 0C 00 00 00 00 00 00 00 00 00 00 00 00 1A 00 
{148} normal block at 0x00195280, 32 bytes long.
 Data: < Z   Z   Z      > 98 5A 19 00 98 5A 19 00 98 5A 19 00 CD CD CD CD 
{147} normal block at 0x00195238, 8 bytes long.
 Data: < 3>     > 14 33 3E 01 00 00 00 00 
{146} normal block at 0x001951E8, 20 bytes long.
 Data: <HZ  HZ          > 48 5A 19 00 48 5A 19 00 CD CD CD CD CD CD CD CD 
{145} normal block at 0x001951A0, 8 bytes long.
 Data: < 3>  Z  > 04 33 3E 01 A8 5A 19 00 
{144} normal block at 0x00195158, 8 bytes long.
 Data: < R   Y  > E0 52 19 00 F8 59 19 00 
{143} normal block at 0x00195110, 8 bytes long.
 Data: <pO      > 70 4F 19 00 00 00 00 00 
{142} normal block at 0x00194F70, 356 bytes long.
 Data: < Q              > 10 51 19 00 00 00 00 00 00 00 00 00 00 00 00 00 
Object dump complete.

I've seen this with Boost 1.47 and 1.50. I'm using Visual Studio 2010 with SP1; it seems to be in VS2010. I tried to find a hotfix but without any success.

Thanks for any hints!

1 Answer

In both examples, _CrtMemDumpAllObjectsSince is called before the destructor of the boost object has run, so it has had no chance to tidy up after itself. The memory still allocated is almost certainly not a leak.

The code should be modified to make sure the destructors have run before checking for memory that is still allocated:

#include <boost/regex.hpp>
#include <crtdbg.h>   // MSVC debug CRT heap functions

int main()
{
    _CrtMemState state;
    _CrtMemCheckpoint(&state);

    {
        boost::smatch what;
    }   // destructor runs at the closing brace, before the dump below

    _CrtMemDumpAllObjectsSince(&state);
    return 0;
}

Or, better still, use the _CrtSetDbgFlag function instead:

http://msdn.microsoft.com/en-us/library/5at7yxcs(v=vs.100).aspx

Set the _CRTDBG_LEAK_CHECK_DF flag. The leak check is then performed at program exit, after all global destructors have run. This makes it much more likely that any items listed are actually leaks.

answered 2012-10-17T00:01:11.633
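The answer's point is that a "still allocated" report is only meaningful once destructors have finished. The following is an added, portable example (not code from the question, the answer, or Boost) that makes the difference visible without the MSVC debug heap: it replaces the global operator new/delete with a live-block counter as an assumed stand-in for _CrtMemCheckpoint/_CrtMemDumpAllObjectsSince, then checks three cases: a block freed by its destructor before the check, a block merely still in scope at the time of the check (reported, but not a leak), and a genuine leak from a type with no destructor. The _CrtSetDbgFlag call under _WIN32 is the one the answer recommends; the names checkpoint, blocks_since and Leaky are this example's own.

```cpp
// Added example (not from the question or the answer). Counts live heap blocks by
// replacing the global allocation functions; this is a portable stand-in for the
// CRT debug heap, so the same pattern works outside MSVC as well. Assumes a
// single-threaded program.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>
#include <vector>
#ifdef _WIN32
#include <crtdbg.h>
#endif

static std::size_t g_live_blocks = 0;  // blocks allocated and not yet freed

void* operator new(std::size_t n) {
    void* p = std::malloc(n ? n : 1);
    if (!p) throw std::bad_alloc();
    ++g_live_blocks;
    return p;
}
void* operator new[](std::size_t n) { return operator new(n); }
void operator delete(void* p) noexcept {
    if (p) { --g_live_blocks; std::free(p); }
}
void operator delete(void* p, std::size_t) noexcept { operator delete(p); }
void operator delete[](void* p) noexcept { operator delete(p); }
void operator delete[](void* p, std::size_t) noexcept { operator delete(p); }

// Equivalent of _CrtMemCheckpoint / _CrtMemDumpAllObjectsSince: remember the
// live count, then report how many blocks have appeared since.
struct Checkpoint { std::size_t live; };
Checkpoint checkpoint() { return Checkpoint{g_live_blocks}; }
std::size_t blocks_since(const Checkpoint& c) { return g_live_blocks - c.live; }

// Correct pattern: the object lives in an inner scope, so its destructor has run
// before the check. A well-behaved type leaves nothing behind.
std::size_t blocks_after_scoped_object() {
    Checkpoint c = checkpoint();
    {
        std::vector<int> v(256);  // one heap block, freed at the closing brace
    }
    return blocks_since(c);  // 0
}

// The mistake the answer describes: checking while the object is still alive.
// The block is reported, but it is not a leak; the destructor simply has not run yet.
std::size_t blocks_while_object_alive() {
    Checkpoint c = checkpoint();
    std::vector<int> v(256);
    return blocks_since(c);  // 1, computed before v is destroyed
}

// A genuine leak for contrast: the destructor has run and the block is still live.
struct Leaky {
    int* buf;
    Leaky() : buf(new int[64]) {}
    // no destructor, so buf is never released
};
std::size_t blocks_after_leaky_object() {
    Checkpoint c = checkpoint();
    {
        Leaky l;
        (void)l;
    }
    return blocks_since(c);  // 1
}

int main() {
#ifdef _WIN32
    // What the answer recommends on MSVC debug builds: report leaks at exit, after
    // all global destructors have run. (Expands to a no-op in release builds.)
    _CrtSetDbgFlag(_CrtSetDbgFlag(_CRTDBG_REPORT_FLAG) | _CRTDBG_LEAK_CHECK_DF);
#endif
    std::printf("after scoped object: %zu live block(s)\n", blocks_after_scoped_object());
    std::printf("while object alive:  %zu live block(s)\n", blocks_while_object_alive());
    std::printf("after leaky object:  %zu live block(s)\n", blocks_after_leaky_object());
    return 0;
}
```

The first two functions allocate identically; the only difference is whether the check runs before or after the destructor, which is exactly why the question's dump lists Boost's internal blocks without any of them being a leak. Only the third case, where the count stays above the checkpoint after the owning object is gone, is what a leak report should contain.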