What C/C++ tools can check for buffer overflows?
Original source: http://stackoverflow.com/questions/167199/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Asked by MrValdez
I've been asked to maintain a large C++ codebase full of memory leaks. While poking around, I found out that we have a lot of buffer overflows that lead to the leaks (how it got this bad, I don't ever want to know).
I've decided to remove the buffer overflows first. To make my bug-hunting easier, what tools can be used to check for buffer overruns?
Answer by diciu
On Linux I'd use Valgrind.
Answer by David Thornley
Consider using more modern data structures as a way of avoiding buffer overflows. Reading into a std::string won't overflow, and std::vectors are much safer than arrays. I don't know what your application is, and it's possible that raw buffers are used because you need the speed, but it's more common that they are used because that's what the original programmers were comfortable with.
Searching for memory leaks with the tools mentioned is a good idea, but they may not find all potential leaks, while using standard strings and container classes can eliminate problems you didn't realize you had.
Answer by gbjbaanb
IBM's Purify will do this, you run your app under it and it will give you a report of all errors (including other ones).
To kill memory leaks, use UMDH - run your app, take a snapshot of the memory, run it again, snapshot and then use a diff tool to see the allocations made since the first run through (note you must run your app once, and take snapshots as best you can).
Answer by PierreBdR
Check on electric-fence, it is designed just for buffer overflows! It does not slow down the code itself (but slows down allocation/deallocation). It works on Linux and Windows.
It works by adding a segment with no read or write access before and after each allocated space. Trying to access this memory ends up as a segmentation fault on UNIX and a memory violation (or something similar) on Windows.
Answer by JaredPar
The problem with /GS is it won't actually scan for bugs. It will just alert you after the fact. It seems like you are looking for a tool which will scan your existing code for potential buffer over/under runs.
A good tool for this, and other defects, is the Microsoft PreFAST tool.
Answer by Roskoto
MS:
- UMDH.exe tool: http://support.microsoft.com/kb/268343
- /analyze compiler option (free from the latest Microsoft SDK)
Answer by Sam Harwell
I'm surprised no one's mentioned Application Verifier (free!) on Windows. Visual Leak Detector (mentioned in another answer) is absolutely amazing for tracking many types of memory leak, but Application Verifier is top dog for tracking memory errors like buffer overruns, double frees, and buffer use after free (plus many, many more).
Edit: And it's very, very easy to use.
Answer by Ira Baxter
My company, Semantic Designs, is looking for beta testers for a runtime memory safety checker (including buffer overruns) that detects all types of memory access violations, even those that valgrind and Purify cannot. This is presently for Windows C programs only, not C++ or other OSes.
EDIT June 1, 2011: The CheckPointer tool has gone production. Still C/Windows only. Handles multiple C dialects: MS Visual C, GCC 3/4.
EDIT May 5, 2012: CheckPointer now handles C99, including checking calls on the standard C and C99 libraries.
Answer by SmacL
The BoundsChecker component of Compuware's Devpartner does this very well in terms of dynamic execution. For static testing, I'd recommend pc-lint and flex-lint coupled up to Riverblade's visual lint for usability and reporting. If you have been handed a new code base, I'd recommend starting out with static analysis with reasonably loose rules so you catch just the nasty stuff. As the codebase improves you can tighten the rule set.
If you need to do this on Windows Mobile / Windows CE, check out Entrek's code snitch
Another tool to consider if the code makes it into the field is AQtrace, which basically analyses crashes on user machines and sends you the details. (Just in case all that boundchecking, purification, linting, valgrinding etc. misses something)
Answer by Mark Kegel
My vote goes to Rational Purify. Extremely powerful with a price to match. Makes short work of lots of problems and can really pay for itself. Also, is available on most *nix. Not sure about Windows, though.