Enhanced Memory Corruption Detection in C/C++ Programs

Ching Yi Lin, Wuu Yang

Research output: Conference contribution, peer-reviewed

Abstract

Out-of-bound memory accesses, which often occur in programs written in unsafe languages such as C or C++, cause severe trouble. Though there are many useful tools aiming at this problem, we report a new tool, called mcds, for detecting spatial and temporal memory corruptions in x86-64 ELF binaries. Mcds allocates each memory object to a separate virtual page. The rest is left blank. Due to a facility in the memory management library, we can set up memory protection so that accessing the "blank" part of a virtual page causes a hardware trap. Because it is a hardware trap, there is little run-time overhead. In order to save memory space, we may squeeze several virtual pages into a single physical page. Our first experimental result is that mcds can find all the bugs in the Firefox 78 package, the Chrome package and the PHP7.0 package that are recorded on the CVE Details website. Furthermore, mcds can detect three classes of memory corruptions that are beyond the capability of the current AddressSanitizer (Asan). Then we compare the time for compilation and fuzzing tests. The fuzzing test is done with the AFL++ fuzzer on Ubuntu 22.04 LTS with an Intel i5-9600K chip. According to our experimental results, mcds shows approximately 6x speedup in fuzzing tests against AddressSanitizer. There is no significant difference between compiling the source with AddressSanitizer or with mcds, though both of them result in 2x slowdown compared with compilation without a sanitizer.

Original language: English
Title of host publication: 52nd International Conference on Parallel Processing, ICPP 2023 - Workshops Proceedings
Publisher: Association for Computing Machinery
Pages: 71-78
Number of pages: 8
ISBN (Electronic): 9798400708435
Publication status: Published - 7 Aug 2023
Event: 52nd International Conference on Parallel Processing, ICPP 2023 - Workshops Proceedings - Salt Lake City, United States
Duration: 7 Aug 2023 to 10 Aug 2023

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 52nd International Conference on Parallel Processing, ICPP 2023 - Workshops Proceedings
Country/Territory: United States
City: Salt Lake City
Period: 7/08/23 to 10/08/23
