Sound input filter generation for integer overflow errors

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages Pub Date : 2014-01-08 DOI:10.1145/2535838.2535888

Fan Long, Stelios Sidiroglou, Deokhwan Kim, M. Rinard

{"title":"Sound input filter generation for integer overflow errors","authors":"Fan Long, Stelios Sidiroglou, Deokhwan Kim, M. Rinard","doi":"10.1145/2535838.2535888","DOIUrl":null,"url":null,"abstract":"We present a system, SIFT, for generating input filters that nullify integer overflow errors associated with critical program sites such as memory allocation or block copy sites. SIFT uses a static pro- gram analysis to generate filters that discard inputs that may trigger integer overflow errors in the computations of the sizes of allocated memory blocks or the number of copied bytes in block copy operations. Unlike all previous techniques of which we are aware, SIFT is sound -- if an input passes the filter, it will not trigger an integer overflow error at any analyzed site. Our results show that SIFT successfully analyzes (and therefore generates sound input filters for) 56 out of 58 memory allocation and block memory copy sites in analyzed input processing modules from five applications (VLC, Dillo, Swfdec, Swftools, and GIMP). These nullified errors include six known integer overflow vulnerabilities. Our results also show that applying these filters to 62895 real-world inputs produces no false positives. The analysis and filter generation times are all less than a second.","PeriodicalId":20683,"journal":{"name":"Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2014-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"54","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2535838.2535888","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 54

Abstract

We present a system, SIFT, for generating input filters that nullify integer overflow errors associated with critical program sites such as memory allocation or block copy sites. SIFT uses a static pro- gram analysis to generate filters that discard inputs that may trigger integer overflow errors in the computations of the sizes of allocated memory blocks or the number of copied bytes in block copy operations. Unlike all previous techniques of which we are aware, SIFT is sound -- if an input passes the filter, it will not trigger an integer overflow error at any analyzed site. Our results show that SIFT successfully analyzes (and therefore generates sound input filters for) 56 out of 58 memory allocation and block memory copy sites in analyzed input processing modules from five applications (VLC, Dillo, Swfdec, Swftools, and GIMP). These nullified errors include six known integer overflow vulnerabilities. Our results also show that applying these filters to 62895 real-world inputs produces no false positives. The analysis and filter generation times are all less than a second.

查看原文本刊更多论文

为整数溢出错误生成声音输入滤波器

我们提出了一个系统，SIFT，用于生成输入过滤器，该过滤器可以消除与关键程序站点(如内存分配或块复制站点)相关的整数溢出错误。SIFT使用静态程序分析来生成过滤器，这些过滤器丢弃可能在计算分配的内存块的大小或块复制操作中复制的字节数时触发整数溢出错误的输入。与我们所知道的所有以前的技术不同，SIFT是可靠的——如果输入通过过滤器，它不会在任何被分析的站点触发整数溢出错误。我们的结果表明，在分析的来自五个应用程序(VLC、Dillo、Swfdec、Swftools和GIMP)的输入处理模块中，SIFT成功地分析了58个内存分配和块内存复制站点中的56个(并因此生成声音输入过滤器)。这些无效错误包括六个已知的整数溢出漏洞。我们的结果还表明，对62895个实际输入应用这些过滤器不会产生误报。分析和滤波器的生成时间都小于1秒。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages

自引率

0.00%

发文量