Automatic Discovery and Patching of Buffer and Integer Overflow Errors

Sidiroglou-Douskos, Stelios; Lahtinen, Eric; Rinard, Martin

Author(s)

Sidiroglou-Douskos, Stelios; Lahtinen, Eric; Rinard, Martin

DownloadMIT-CSAIL-TR-2015-018.pdf (224.6Kb)

Other Contributors

Program Analysis

Advisor

Martin Rinard

Metadata

Show full item record

Abstract

We present Targeted Automatic Patching (TAP), an automatic buffer and integer overflow discovery and patching system. Starting with an application and a seed input that the application processes correctly, TAP dynamically analyzes the execution of the application to locate target memory allocation sites and statements that access dynamically or statically allocated blocks of memory. It then uses targeted error-discovery techniques to automatically generate inputs that trigger integer and/or buffer overflows at the target sites. When it discovers a buffer or integer overflow error, TAP automatically matches and applies patch templates to generate patches that eliminate the error. Our experimental results show that TAP successfully discovers and patches two buffer and six integer overflow errors in six real-world applications.

Date issued

2015-05-26

URI

http://hdl.handle.net/1721.1/97087

Series/Report no.

MIT-CSAIL-TR-2015-018

Collections

CSAIL Technical Reports (July 1, 2003 - present)