EarlyDLDetect: An Early Root-Cause Locator of Dangling Pointers and Memory Leaks

EarlyDLDetect: An Early Root-Cause Locator of Dangling Pointers and Memory Leaks

Memory error detection tools like Address Sanitizer (ASAN) can detect the existence of dangling pointers and memory leaks, but cannot report their root causes, i.e., where they occur in the source code. For this reason, even with vulnerability reports and proof-of-concepts (PoC) using ASAN, it is of...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE access 2024, Vol.12, p.187877-187891
Hauptverfasser: Gondow, Katsuhiko, Arahori, Yoshitaka
Format: Artikel
Sprache:eng
Schlagworte:
Codes
Dangling pointers
Debugging
Detectors
dynamic taint analysis
early detection
Error detection
Instruments
Leak detection
memory leaks
Metadata
Registers
Resource management
Root cause analysis
Source code
Source coding
Target tracking
use-after-free vulnerabilities
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Memory error detection tools like Address Sanitizer (ASAN) can detect the existence of dangling pointers and memory leaks, but cannot report their root causes, i.e., where they occur in the source code. For this reason, even with vulnerability reports and proof-of-concepts (PoC) using ASAN, it is often not easy to fix them. To mitigate this problem, we propose a novel detection tool EarlyDLDetect, which early reports the root causes of dangling pointers and memory leaks. In the empirical evaluation using our EarlyDLDetect implementation, EarlyDLDetect early detected 14 real-world vulnerabilities and provided the location of their root causes with acceptable runtime/memory overheads for debugging purposes. Three bug-fixing patches that we created based on EarlyDLDetect's detection are adopted by the original open-source projects.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2024.3515133