Static Checking of Array Index Out-of-Bounds Defects in C Programs Based on Taint Analysis

Int. J. Softw. Informatics Pub Date : 1900-01-01 DOI:10.21655/ijsi.1673-7288.00246

Fengjuan Gao, Yu Wang, Tianjiao Chen, Lingyun Situ, Linzhang Wang, Xuandong Li

{"title":"Static Checking of Array Index Out-of-Bounds Defects in C Programs Based on Taint Analysis","authors":"Fengjuan Gao, Yu Wang, Tianjiao Chen, Lingyun Situ, Linzhang Wang, Xuandong Li","doi":"10.21655/ijsi.1673-7288.00246","DOIUrl":null,"url":null,"abstract":"During the rapid development of mobile computing, IoT, cloud computing, artificial intelligence, etc, many new programming languages and compilers are emerging. Even so, C/C++ language is still one of the most popular languages. And array is one of the most important data structures of C language. It is necessary to check whether the index is within the boundary of the array when using it to access the element of an array in a program. Otherwise, array index out-of-bounds will happen unexpectedly. When there are array index out-of-bounds defects existing in programs, some serious errors may occur during execution, such as system crash. It is even worse that array index out-of-bounds defects open the doors for attackers to take control of the server and execute arbitrary malicious code by carefully constructing input and intercepting the control flow of the programs. Existing static methods for array boundary checking cannot ∗ 基金项目: 国家重点研发计划(2017YFA0700604); 南京大学优秀博士研究生创新能力提升计划 B; 江苏省研究生科研与实践","PeriodicalId":218849,"journal":{"name":"Int. J. Softw. Informatics","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. J. Softw. Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21655/ijsi.1673-7288.00246","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

During the rapid development of mobile computing, IoT, cloud computing, artificial intelligence, etc, many new programming languages and compilers are emerging. Even so, C/C++ language is still one of the most popular languages. And array is one of the most important data structures of C language. It is necessary to check whether the index is within the boundary of the array when using it to access the element of an array in a program. Otherwise, array index out-of-bounds will happen unexpectedly. When there are array index out-of-bounds defects existing in programs, some serious errors may occur during execution, such as system crash. It is even worse that array index out-of-bounds defects open the doors for attackers to take control of the server and execute arbitrary malicious code by carefully constructing input and intercepting the control flow of the programs. Existing static methods for array boundary checking cannot ∗ 基金项目: 国家重点研发计划(2017YFA0700604); 南京大学优秀博士研究生创新能力提升计划 B; 江苏省研究生科研与实践

查看原文本刊更多论文

基于污点分析的C程序中数组索引越界缺陷的静态检测

在移动计算、物联网、云计算、人工智能等快速发展的过程中，涌现出许多新的编程语言和编译器。即便如此，C/ c++语言仍然是最流行的语言之一。数组是C语言中最重要的数据结构之一。在程序中使用索引访问数组元素时，有必要检查索引是否在数组的边界内。否则，将意外发生数组索引越界。当程序中存在数组索引越界缺陷时，可能会在执行过程中出现严重的错误，如系统崩溃。更糟糕的是，数组索引越界缺陷为攻击者打开了控制服务器的大门，并通过仔细构造输入和拦截程序的控制流来执行任意恶意代码。现有的阵列边界检查的静态方法不能(∗);【翻译】;江苏省研究生科研与实践

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Int. J. Softw. Informatics

自引率

0.00%

发文量