Buffer Overflow Analysis for C
Buffer overflow detection and mitigation for C programs has been an important concern for a long time. This paper defines a string buffer overflow analysis for C programs. The key ideas of our formulation are (a) separating buffers from the pointers that point to them, (b) modelling buffers in terms...
Main Author: | |
---|---|
Format: | Report |
Language: | unknown |
Published: |
arXiv
2014
|
Subjects: | |
Online Access: | https://dx.doi.org/10.48550/arxiv.1412.5400 https://arxiv.org/abs/1412.5400 |
id |
ftdatacite:10.48550/arxiv.1412.5400 |
---|---|
record_format |
openpolar |
spelling |
ftdatacite:10.48550/arxiv.1412.5400 2023-05-15T18:32:42+02:00 Buffer Overflow Analysis for C Khedker, Uday P. 2014 https://dx.doi.org/10.48550/arxiv.1412.5400 https://arxiv.org/abs/1412.5400 unknown arXiv arXiv.org perpetual, non-exclusive license http://arxiv.org/licenses/nonexclusive-distrib/1.0/ Programming Languages cs.PL FOS Computer and information sciences F.3.1; F.3.2; D.2.4; D.3.4 Preprint Article article CreativeWork 2014 ftdatacite https://doi.org/10.48550/arxiv.1412.5400 2022-04-01T12:32:11Z Buffer overflow detection and mitigation for C programs has been an important concern for a long time. This paper defines a string buffer overflow analysis for C programs. The key ideas of our formulation are (a) separating buffers from the pointers that point to them, (b) modelling buffers in terms of sizes and sets of positions of null characters, and (c) defining stateless functions to compute the sets of null positions and mappings between buffers and pointers. This exercise has been carried out to test the feasibility of describing such an analysis in terms of lattice valued functions and relations to facilitate automatic construction of an analyser without the user having to write C/C++/Java code. This is facilitated by devising stateless formulations because stateful formulations combine features through side effects in states raising a natural requirement of C/C++/Java code to be written to describe them. Given the above motivation, the focus of this paper is not to build good static approximations for buffer overflow analysis but to show how given static approximations could be formalized in terms of stateless formulations so that they become amenable to automatic construction of analysers. Report The Pointers DataCite Metadata Store (German National Library of Science and Technology) |
institution |
Open Polar |
collection |
DataCite Metadata Store (German National Library of Science and Technology) |
op_collection_id |
ftdatacite |
language |
unknown |
topic |
Programming Languages cs.PL FOS Computer and information sciences F.3.1; F.3.2; D.2.4; D.3.4 |
spellingShingle |
Programming Languages cs.PL FOS Computer and information sciences F.3.1; F.3.2; D.2.4; D.3.4 Khedker, Uday P. Buffer Overflow Analysis for C |
topic_facet |
Programming Languages cs.PL FOS Computer and information sciences F.3.1; F.3.2; D.2.4; D.3.4 |
description |
Buffer overflow detection and mitigation for C programs has been an important concern for a long time. This paper defines a string buffer overflow analysis for C programs. The key ideas of our formulation are (a) separating buffers from the pointers that point to them, (b) modelling buffers in terms of sizes and sets of positions of null characters, and (c) defining stateless functions to compute the sets of null positions and mappings between buffers and pointers. This exercise has been carried out to test the feasibility of describing such an analysis in terms of lattice valued functions and relations to facilitate automatic construction of an analyser without the user having to write C/C++/Java code. This is facilitated by devising stateless formulations because stateful formulations combine features through side effects in states raising a natural requirement of C/C++/Java code to be written to describe them. Given the above motivation, the focus of this paper is not to build good static approximations for buffer overflow analysis but to show how given static approximations could be formalized in terms of stateless formulations so that they become amenable to automatic construction of analysers. |
format |
Report |
author |
Khedker, Uday P. |
author_facet |
Khedker, Uday P. |
author_sort |
Khedker, Uday P. |
title |
Buffer Overflow Analysis for C |
title_short |
Buffer Overflow Analysis for C |
title_full |
Buffer Overflow Analysis for C |
title_fullStr |
Buffer Overflow Analysis for C |
title_full_unstemmed |
Buffer Overflow Analysis for C |
title_sort |
buffer overflow analysis for c |
publisher |
arXiv |
publishDate |
2014 |
url |
https://dx.doi.org/10.48550/arxiv.1412.5400 https://arxiv.org/abs/1412.5400 |
genre |
The Pointers |
genre_facet |
The Pointers |
op_rights |
arXiv.org perpetual, non-exclusive license http://arxiv.org/licenses/nonexclusive-distrib/1.0/ |
op_doi |
https://doi.org/10.48550/arxiv.1412.5400 |
_version_ |
1766216887335649280 |