Valgrind won't detect buffer overflow

Question

#include <stdio.h>
main()
{     
    char buf[8];
    sprintf(buf,"AAAA%3s","XXssssssssXXXsssssXXX");
    printf("%s\n",buf);
}

I expected valgrind to detect a buffer overflow with the above code. But it does not report any errors or warnings. Do I need to enable any special flags for that?

With a recent `gcc` or `clang` compiler, you could compile with `-Wall -g -fsanitize=address` and it might give a message at runtime. BTW `sprintf` is intrinsically unsafe and should not be used. Use `snprintf` or `asprintf` — Basile Starynkevitch, Apr 24 '15 at 09:01
See our CheckPointer tool; it will find many memory errors that valgrind cannot. http://www.semdesigns.com/Products/MemorySafety — Ira Baxter, Apr 24 '15 at 09:12

score 17 · Accepted Answer · edited Apr 24 '15 at 11:07

17

From Valgrind Tutorial

What valgrind is NOT

Although valgrind is an extremely useful program, it will not miraculously tell you about every memory bug in your program. There are several limitations that you should keep in mind. It does not do bounds checking on stack/static arrays ..

edited Apr 24 '15 at 11:07

harald

5,976
1
24
41

answered Apr 24 '15 at 08:57

Dayal rai

6,548
22
29

Valgrind won't detect buffer overflow

1 Answers1

Linked