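Testing Address Sanitizer in Docker
Original article: https://www.cnblogs.com/liqinglucky/p/address-sanitizer-in-docker.html
Docker only provides a runtime environment. Compared with compiling on Linux, integrating Address Sanitizer into a program inside Docker requires no additional changes.
Source code: liqinglucky/DockerHelloWorld - Gitee - OSCHINA (gitee.com)
1. Code
Add the compiler flag -fsanitize=address when compiling the program: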
RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp
Add the test code to HelloWorld.cpp:
int a1[10] = {0};
std::cout << a1[11];  // deliberate out-of-bounds read: valid indices are 0..9
2. Build
DockerHelloWorld# docker build -f ./Dockerfile -t hello:v1 .
Sending build context to Docker daemon 84.99kB
Step 1/5 : FROM gcc:4.9
---> 1b3de68a7ff8
Step 2/5 : COPY . /HelloWorld
---> f366acaf4880
Step 3/5 : WORKDIR /HelloWorld
---> Running in 70f174f6c268
Removing intermediate container 70f174f6c268
---> 14de1dc480b4
Step 4/5 : RUN g++ -fsanitize=address -g -o HelloWorld HelloWorld.cpp
---> Running in 46a451258fa1
Removing intermediate container 46a451258fa1
---> c363c617f6e2
Step 5/5 : CMD ["./HelloWorld"]
---> Running in d2b6baf583b0
Removing intermediate container d2b6baf583b0
---> d5e6979e98e1
Successfully built d5e6979e98e1
Successfully tagged hello:v1
3. Test
# docker run hello:v1
=================================================================
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff655d1f3c at pc 0x400cae bp 0x7fff655d1ed0 sp 0x7fff655d1ec8
READ of size 4 at 0x7fff655d1f3c thread T0
#0 0x400cad in main /HelloWorld/HelloWorld.cpp:12
#1 0x7fb055e0cb44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#2 0x400ac8 (/HelloWorld/HelloWorld+0x400ac8)
Address 0x7fff655d1f3c is located in stack of thread T0 at offset 76 in frame
#0 0x400ba5 in main /HelloWorld/HelloWorld.cpp:4
This frame has 1 object(s):
[32, 72) 'a1' <== Memory access at offset 76 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /HelloWorld/HelloWorld.cpp:12 main
Shadow bytes around the buggy address:
0x10006cab2390: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab23a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab23b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab23c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab23d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10006cab23e0: f1 f1 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00
0x10006cab23f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab2410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab2420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10006cab2430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==1==ABORTING
Seeing the Address Sanitizer log confirms that the program in Docker was successfully built with Address Sanitizer.
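The report above can also be checked by a script rather than by eye, for instance in a CI job that runs the container. The following is an added example, not code from the original article or its repository: a Python parser that extracts the triage fields from the report and confirms that the bracketed shadow byte corresponds to the faulting address. The names `parse_asan_report`, `REDZONES` and `SHADOW_OFFSET` are hypothetical, the sample text is an excerpt of the report shown above, and the shadow offset 0x7fff8000 is assumed to be ASan's default for x86_64 Linux.

```python
import re

# Excerpt of the report printed by `docker run hello:v1` above.
REPORT = """\
==1==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff655d1f3c at pc 0x400cae bp 0x7fff655d1ed0 sp 0x7fff655d1ec8
READ of size 4 at 0x7fff655d1f3c thread T0
#0 0x400cad in main /HelloWorld/HelloWorld.cpp:12
[32, 72) 'a1' <== Memory access at offset 76 overflows this variable
=>0x10006cab23e0: f1 f1 00 00 00 00 00[f4]f4 f4 f3 f3 f3 f3 00 00
"""

SHADOW_OFFSET = 0x7FFF8000  # assumption: ASan's default on x86_64 Linux
REDZONES = {"f1": "stack left redzone", "f2": "stack mid redzone",
            "f3": "stack right redzone", "f4": "stack partial redzone"}


def parse_asan_report(text):
    """Return triage fields from an ASan report, or None if text has none."""
    err = re.search(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", text)
    if not err:
        return None  # clean run: no sanitizer finding in the output
    out = {"bug": err.group(1), "address": int(err.group(2), 16)}
    acc = re.search(r"^(READ|WRITE) of size (\d+)", text, re.M)
    if acc:
        out["access"], out["size"] = acc.group(1), int(acc.group(2))
    # The first "#0" frame is where the bad access happened.
    top = re.search(r"^\s*#0 0x[0-9a-f]+ in (\S+) (\S+):(\d+)", text, re.M)
    if top:
        out["function"], out["file"] = top.group(1), top.group(2)
        out["line"] = int(top.group(3))
    var = re.search(r"\[(\d+), (\d+)\) '(\w+)' <== Memory access at offset (\d+)", text)
    if var:
        out["variable"] = var.group(3)
        # Distance from the end of the object to the first byte accessed.
        out["bytes_past_end"] = int(var.group(4)) - int(var.group(2))
    # The "=>" shadow row marks the faulting shadow byte with [..].
    row = re.search(r"^=>(0x[0-9a-f]+): (.*?)\[([0-9a-f]{2})\]", text, re.M)
    if row:
        shadow_addr = int(row.group(1), 16) + len(row.group(2).split())
        out["shadow_kind"] = REDZONES.get(row.group(3), row.group(3))
        # One shadow byte covers 8 application bytes.
        out["shadow_consistent"] = (out["address"] >> 3) + SHADOW_OFFSET == shadow_addr
    return out


if __name__ == "__main__":
    for key, value in parse_asan_report(REPORT).items():
        print(f"{key}: {value}")
```

For this report the access starts 4 bytes past the end of `a1`, which matches `a1[11]` on a 10-element `int` array, and the bracketed `f4` byte sits at exactly the shadow address computed from the faulting address.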