Journal of Southeast University (English Edition), 2009, Vol. 25, Issue (2): 219-223, 5.
Method of integer overflow detection to avoid buffer overflow
Abstract
A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflows triggered by integer overflows. An integer overflow that affects the size of a dynamically allocated buffer is the kind most likely to trigger a buffer overflow. Based on this observation, the solution uses lightweight static program analysis to trace the key variables that determine the size of a dynamically allocated buffer, and it maintains the upper and lower bounds of these variables. After the constraint information for these traced variables is inserted into the original program, the method tests the program with test cases through path relaxation: it not only reports the errors revealed by the current runtime values of the traced variables in the test case, but also examines the errors that could occur on the same execution path for all possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.
Key words
integer overflow/buffer overflow/path relaxation
Classification
Information Technology and Security Science
Cite this article
Zhang Shirui, Xu Lei, Xu Baowen. Method of integer overflow detection to avoid buffer overflow [J]. Journal of Southeast University (English Edition), 2009, 25(2): 219-223, 5.
Funding
The National Natural Science Foundation of China (No. 60873050, 60703086), the Opening Foundation of State Key Laboratory of Software Engineering in Wuhan University (No. SKLSE20080717).