bcsample.cpp

DOS环境下C/C++语言内存问题检测 numega的产品

// BCSAMPLE.CPP - Tutorial Program for BOUNDS-CHECKER
// See BCSAMPLE for information to re-build this program


#include <stdio.h>
#include <conio.h>
#include <string.h>
#include <stdlib.h>


#define NullPointer1 (char far*) 0x14
#define NullPointer2 (char far*) 0x18
#define NullPointer3 (char far*) 0x0C

void MemoryAccess(char far*);
void CodeWrite();
void BadLibraryPtr(char far* p);
void UseFreedPtr();
char LegalAccess();
void GPfault();
void StrcpyTooFar();
void MemcpyOverStruct();
void MemsetPastStatic();
void MemsetPastMalloc();
void DirectWritePastMalloc();
void FreeBadPtr();
void StrcpyPastNew();
void DeleteBadPtr();

void DisplayInitScreen();
void DisplayMainScreen();
int CauseBug(int choice);
int DummyRoutine();

void screen1(), screen2(), screen3(), screen4(), screen5();
void screen6(), screen7(), screen8(), screen9(), screen10();
void screen11(), screen12(), screen13(), screen14(), screen15(), screen16();

char* x[5];
typedef void (*PF)();
PF screens[] = {(PF) 0, screen1, screen2, screen3, screen4, screen5,
			screen6, screen7, screen8, screen9, screen10,
			screen11, screen12, screen13, screen14, screen15,
			screen16};

char static_string[] = "0123456789";
char over_write_buf[10];

void main(int argc, char* argv[])
{
  if (argc > 1) {
     for (int i=1; i < argc; i++)
       CauseBug(atoi(argv[i]));
     return;
  }

  char buf[20];
  int choice;
  DisplayInitScreen();
  do {
    DisplayMainScreen();
    choice = atoi(gets(buf));
    if (choice>0 && choice<=16)
	    screens[choice]();
  } while (CauseBug(choice));
}

int CauseBug(int choice)
{
  switch (choice) {
  case 1: MemoryAccess(NullPointer1);
   break;
  case 2: CodeWrite(); //MemoryAccess((char far*) DummyRoutine);
   break;
  case 3: BadLibraryPtr(NullPointer2);
   break;
  case 4: LegalAccess();
   break;
  case 5: GPfault();
   break;
  case 6: StrcpyTooFar();
   break;
  case 7: MemcpyOverStruct();
   break;
  case 8: MemsetPastStatic();
   break;
  case 9: MemsetPastMalloc();
   break;
  case 10: DirectWritePastMalloc();
   break;
  case 11: UseFreedPtr();
   break;
  case 12: FreeBadPtr();
    break;
  case 13: StrcpyPastNew();
    break;
  case 14: DeleteBadPtr();
    break;
  case 15: new(char[10]);
    choice = 0;
    break;
  case 16: malloc(10);
    choice = 0;
    break;
  default: printf("\nNot A Valid Choice\n");
  	 choice = 0;
    break;
  }
  return choice;
}

void MemoryAccess(char far* p)
{
  *p = 'A';
}

void CodeWrite()
{
  char far* p;
  p = (char*) DummyRoutine;
  *p = 'B';
}

void BadLibraryPtr(char far* p)
{
  atol(p);
}

char LegalAccess()
{
  char *px, x;
  px = (char *) 0x410;	  // access the BIOS equipment flag at 40:10H
  x = *px;
  return x;
}

void GPfault()
{
  char *p;
  unsigned int i,x=1;
  p = (char*) malloc(0xfff1);
  p += 0xfff1;
  for (i=0; i <= 0x10; i++)
    (*(int*)p++) = x;
}

void StrcpyTooFar()
{
  char in_string[11] = "1234567890";
  char out_string[10];
  strcpy(out_string,in_string);
}

struct test_struct {
  char  element1;
  int   element2;
  long  element3;
};

void MemcpyOverStruct()
{
  char a[] = "1234567890AB";
  test_struct s, *p;
  p = &s;
  memcpy((void*)p, (void*)a, 9);
}

void MemsetPastStatic()
{
  memset(static_string,'A',13);
}

void MemsetPastMalloc()
{
  void *p;
  p = malloc(10);
  memset(p,'A',11);
  free(p);
}

void DirectWritePastMalloc()
{
  char *p, *p1;
  int i;
  p = (char*) malloc(10);
  for (i=0, p1=p; i<=10; i++)
      *p1++ = 'A';
  p1 = (char*) malloc(20);
  free(p);
  free(p1);
}

void UseFreedPtr()
{
  char *p;
  p = (char*) malloc(50);
  free(p);
  *p = 'A';
}

void FreeBadPtr()
{
  free(NullPointer3);
}

void StrcpyPastNew()
{
  char* p;
  char a[] = "1234567890";
  p = new(char[5]);
  strcpy(p, a);
  delete p;
}

void DeleteBadPtr()
{
  delete((char*) 10);
}

int DummyRoutine()
{
  return 1;
}

void DisplayInitScreen()
{
printf("\n                 BOUNDS-CHECKER Tutorial\n\n");
printf("BCSAMPLE (this program) is full of memory related defects(bugs).\n");
printf("When run with BOUNDS-CHECKER, it will show you how BOUNDS-CHECKER \n");
printf("responds to each type of problem.\n");
printf("\n");
printf("BCSAMPLE is used by the BOUNDS-CHECKER tutorial in the user guide.\n");
printf("BCSAMPLE can be used with this tutorial or you can experiment\n");
printf("on your own.\n");
printf("\n");
printf("Prior to running BOUNDS-CHECKER with BCSAMPLE you should\n");
printf("delete BCSAMPLE.LOG and BCSAMPLE.BC.\n");
printf("\n");
printf("To run BOUNDS-CHECKER on BCSAMPLE enter:  BCHK BCSAMPLE\n");
printf("\n\n\n\n\n\n\n\n\n");
printf("                   Press any key to continue");
getch();
}

void DisplayMainScreen()
{
printf("\n                 BOUNDS-CHECKER Tutorial\n\n");
printf("Type in a problem number and press enter. Enter 15 or 16 to exit.\n\n");
printf("Illegal out-of-bounds memory accesses and code over-writes\n");
printf("        1.   Illegally access memory outside this program\n");
printf("        2.   Illegally write over the code area of this program\n");
printf("        3.   Pass an out-of-bounds pointer to a library routine\n");
printf("        4.   Make a legal out-of-bounds access\n");
printf("        5.   General Protection Violation\n");
printf("Stack, Data Segment and Heap memory bugs\n");
printf("        6.   strcpy past the end of a local character array\n");
printf("        7.   memcpy past the end of a local structure\n");
printf("        8.   memset past the end of a static character array\n");
printf("        9.   memset past the end of a malloced block\n");
printf("        10   Direct program access past the end of a malloced block\n");
printf("        11.  Use of pointer to freed memory block\n");
printf("        12.  Call to free with bad pointer\n");
printf("C++ related problems\n");
printf("        13.  String copy past end of memory block allocated with new\n");
printf("        14.  delete called with bad pointer\n");
printf("        15.  Exit with memory blocks not deleted\n");
printf("Memory Leakage\n");
printf("        16.  Exit with malloced blocks not freed\n");
printf("Enter Choice:  ");
}

void screen1()
{
printf("\n          Illegally Accessing Memory Outside Your Program\n");
printf("\n");
printf("After you press a key, a null pointer will be used to write to a low\n");
printf("memory address. This access (into the interrupt vector table) will cause\n");
printf("BOUNDS-CHECKER to pop up immediately.  Select 'Mark' on the main menu.\n");
printf("Marking places information about this exception in the .LOG file and\n");
printf("also WRITE PROTECTS the memory location, so you do not actually corrupt memory.\n");
printf("Marking also prevents BOUNDS-CHECKER from popping up on subsequent accesses\n");
printf("to this address, so if you make this choice a 2nd time it will not pop up.\n");
printf("\n\n\n\n\n\n\n\n\n\n\n\n");
printf("          To see this screen in BOUNDS-CHECKER, press '/'\n");
printf("\n");
printf("            Press any key to cause this program defect");
getch();
}

void screen2()
{
printf("\n           Write Over The Code Area Of This Program\n");
printf("\n");
printf("After you press a key, a this program will use a pointer to a routine in an\n");
printf("attempt to corrupt its own code area.  This illegal access will cause\n");
printf("BOUNDS-CHECKER to pop up immediately.\n");
printf("\n");
printf("To continue, select 'Mark' on the main menu.  Marking places \n");
printf("information about this exception in the .LOG file and also \n");
printf("WRITE PROTECTS the memory location, so you do not actually corrupt memory.\n");
printf("Marking also prevents BOUNDS-CHECKER from popping up on subsequent accesses.\n");
printf("to this address, so if you make this choice a 2nd time it will not pop up.\n");