TY - GEN
T1 - Enhanced Memory Corruption Detection in C/C++ Programs
AU - Lin, Ching Yi
AU - Yang, Wuu
N1 - Publisher Copyright:
© 2023 ACM.
PY - 2023/8/7
Y1 - 2023/8/7
AB - Out-of-bound memory accesses, which often occur in programs written in unsafe languages such as C or C++, cause severe problems. Though there are many useful tools aiming at this problem, we report a new tool, called mcds, for detecting spatial and temporal memory corruptions in x86-64 ELF binaries. Mcds allocates each memory object to a separate virtual page. The rest of the page is left blank. Due to a facility in the memory management library, we can set up memory protection so that accessing the "blank" part of a virtual page causes a hardware trap. Because it is a hardware trap, there is little run-time overhead. In order to save memory space, we may squeeze several virtual pages into a single physical page. Our first experimental result is that mcds can find all the bugs in the Firefox 78 package, the Chrome package and the PHP 7.0 package that are recorded on the CVE Details website. Furthermore, mcds can detect three classes of memory corruptions that are beyond the capability of the current AddressSanitizer (ASan). Then we compare the time for compilation and fuzzing tests. The fuzzing test is done with the AFL++ fuzzer on Ubuntu 22.04 LTS with an Intel i5-9600K chip. According to our experimental results, mcds shows approximately 6x speedup in fuzzing tests against AddressSanitizer. There is no significant difference between compiling the source with AddressSanitizer or with mcds, though both of them result in a 2x slowdown compared with compilation without a sanitizer.
KW - Intel SGX
KW - LLVM
KW - memory corruption
KW - page aliasing
KW - red zones
KW - shadow memory
KW - x86-64
UR - http://www.scopus.com/inward/record.url?scp=85175090789&partnerID=8YFLogxK
U2 - 10.1145/3605731.3605903
DO - 10.1145/3605731.3605903
M3 - Conference contribution
AN - SCOPUS:85175090789
T3 - ACM International Conference Proceeding Series
SP - 71
EP - 78
BT - 52nd International Conference on Parallel Processing, ICPP 2023 - Workshops Proceedings
PB - Association for Computing Machinery
T2 - 52nd International Conference on Parallel Processing, ICPP 2023 - Workshops Proceedings
Y2 - 7 August 2023 through 10 August 2023
ER -