Coverage-based Greybox Fuzzing with Pointer Monitoring for C Programs

Abstract

C has been regarded as a dominant programming language for system software implementation. Meanwhile, it often suffers from various memory vulnerabilities due to its low-level memory control. Quite massive approaches are proposed to enhance memory security, among which Coverage-based Greybox Fuzzing (CGF) is very popular because of its practicality and satisfactory effectiveness. However, CGF identifies vulnerabilities based on the catched crashes, thus cannot detect vulnerabilities with non-crash. In this paper, we consider to trace pointer metadata (status, bounds and referents) to detect more various vulnerabilities. Additionally, since pointers in C are often directly related to memory operations, we design two standards to further use pointer metadata as the guidance of CGF, making fuzzing process target to the vulnerable part of programs.