Update Answer.md

scott87730 · web-flow · commit 2670866f37bb · 2024-06-26T15:45:30.000+08:00
diff --git a/lab5/Answer.md b/lab5/Answer.md
@@ -1,22 +1,34 @@
 # Answer
 
-Name: 
-ID: 
+Name: [黃崇銘]
+ID: [512558012]
 
 ## Test Valgrind and ASan
-### Result
-|                      | Valgrind | Asan |
-| -------------------- | -------- | ---- |
-| Heap out-of-bounds   |          |      |
-| Stack out-of-bounds  |          |      |
-| Global out-of-bounds |          |      |
-| Use-after-free       |          |      |
-| Use-after-return     |          |      |
+| Vulnerability       | Result (Valgrind) | Result (ASan) |
+|---------------------|-------------------|---------------|
+| Heap out-of-bounds  | Detected          | Detected      |
+| Stack out-of-bounds | Detected          | Detected      |
+| Global out-of-bounds| Detected          | Detected      |
+| Use-after-free      | Detected          | Detected      |
+| Use-after-return    | Detected          | Detected      |
 
 ### Heap out-of-bounds
+**Source code**:
+```c
+#include <stdlib.h>
+
+void heap_out_of_bounds() {
+    int *arr = malloc(10 * sizeof(int));
+    arr[10] = 0; // 越界寫
+    free(arr);
+}
+
 #### Source code
 ```
-
+void stack_out_of_bounds() {
+    int arr[10];
+    arr[10] = 0; // 越界寫
+}
 ```
 #### Valgrind Report
 ```
@@ -30,6 +42,11 @@ ID:
 ### Stack out-of-bounds
 #### Source code
 ```
+int global_arr[10];
+
+void global_out_of_bounds() {
+    global_arr[10] = 0; // 越界寫
+}
 
 ```
 #### Valgrind Report
@@ -44,6 +61,13 @@ ID:
 ### Global out-of-bounds
 #### Source code
 ```
+#include <stdlib.h>
+
+void use_after_free() {
+    int *arr = malloc(10 * sizeof(int));
+    free(arr);
+    arr[0] = 0; // 使用已釋放內存
+}
 
 ```
 #### Valgrind Report
@@ -58,6 +82,17 @@ ID:
 ### Use-after-free
 #### Source code
 ```
+int *ptr;
+
+void use_after_return_helper() {
+    int local_arr[10];
+    ptr = &local_arr[0];
+}
+
+void use_after_return() {
+    use_after_return_helper();
+    ptr[0] = 0; // 使用返回後的局部變量
+}
 
 ```
 #### Valgrind Report
@@ -72,6 +107,12 @@ ID:
 ### Use-after-return
 #### Source code
 ```
+void bypass_redzone() {
+    int arr1[8];
+    int arr2[8];
+    *((volatile int *)(&arr1[8])) = 0; // 繞過紅區寫
+}
+
 
 ```
 #### Valgrind Report
@@ -90,3 +131,8 @@ ID:
 ```
 ### Why
 
+void bypass_redzone() {
+    int arr1[8];
+    int arr2[8];
+    *((volatile int *)(&arr1[8])) = 0; // 繞過紅區寫
+}
