Research on use-after-free detection method based on the dangling pointer tracking
With the increasing attention paid to the UAF vulnerability, its exploitation methods have become more diverse and the threat posed to computer systems has become more serious. Therefore, this paper proposes a lightweight UAF vulnerability detection scheme. The scheme accumulates all possible dangling pointers in the program under test based on LLVM IR, and then after performing accurate data flow analysis and control flow analysis on them, the redefined pointers can be excluded and all dangling pointers can be obtained. Finally, the operation sequence of the UAF vulnerability can be obtained by performing reachability analysis and data flow analysis on the dangling pointer. The scheme also reduces system overhead in two ways: simplifying inter-procedural analysis to intra-procedural analysis and combining alias analysis algorithms with data flow analysis. The experiment results tested on open-source test cases and real programs show that the scheme can quickly and accurately identify UAF vulnerabilities in the code and report the dangerous operation sequences.
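
The idea of collecting candidate dangling pointers, excluding redefined ones, and reporting the allocation/free/use sequence can be illustrated on a toy scale. The following is an added example, not the paper's implementation: the five-operation IR, the function `find_uaf` and the sample program are assumptions constructed here, and the analysis covers only straight-line code within one function, so control flow and reachability are left out.

```python
# Toy dangling-pointer tracker over a constructed straight-line IR
# (a stand-in for LLVM IR; op names are assumptions of this example).
# Ops: ("malloc", dst) ("copy", dst, src) ("null", dst) ("free", p) ("use", p)

def find_uaf(ops):
    """Return (pointer, alloc_idx, free_idx, use_idx) for each use-after-free."""
    points_to = {}  # variable -> abstract object, named by its malloc index
    freed_at = {}   # abstract object -> index of the free that released it
    reports = []
    for i, op in enumerate(ops):
        kind, args = op[0], op[1:]
        if kind == "malloc":
            # Redefinition: dst now holds a fresh object, so it stops dangling.
            points_to[args[0]] = i
        elif kind == "copy":
            # Alias: dst shares src's object and inherits its freed state.
            points_to[args[0]] = points_to.get(args[1])
        elif kind == "null":
            # Redefinition to null: excluded from the dangling set.
            points_to[args[0]] = None
        elif kind == "free":
            obj = points_to.get(args[0])
            if obj is not None and obj not in freed_at:
                # Every variable still mapped to obj is dangling from here on.
                freed_at[obj] = i
        elif kind == "use":
            obj = points_to.get(args[0])
            if obj is not None and obj in freed_at:
                reports.append((args[0], obj, freed_at[obj], i))
    return reports

# Constructed sample: p is freed and then redefined, q remains a stale alias.
SAMPLE = [
    ("malloc", "p"),     # 0: allocate object 0
    ("copy", "q", "p"),  # 1: q aliases p
    ("free", "p"),       # 2: p and q both dangle
    ("malloc", "p"),     # 3: p redefined, no longer dangling
    ("use", "p"),        # 4: safe, p holds object 3
    ("use", "q"),        # 5: use-after-free through the alias
    ("null", "q"),       # 6: q redefined
    ("use", "q"),        # 7: not a UAF (q no longer refers to object 0)
]

if __name__ == "__main__":
    for ptr, alloc, free, use in find_uaf(SAMPLE):
        print(f"UAF via {ptr}: alloc@{alloc} -> free@{free} -> use@{use}")
```
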