Skip to main content
Article thumbnail
Location of Repository

By 

Abstract

Zero-sized heap allocations vulnerability analysis In this article, we discuss a source of security vulnerabilities related to zero-sized heap allocations. We present a feasibility study to show the use of a theorem prover based extended static checker to help code audit to find these vulnerabilities. We employed this tool to uncover around 10 local and remote untrusted code execution vulnerabilities in three core OS components. We highlight the benefits, the challenges faced and outstanding problems to enable wider use. Additional manual code review of remotely exposed software suggests that zero and near-zero allocations are particularly difficult to handle for developers.

Year: 2010
OAI identifier: oai:CiteSeerX.psu:10.1.1.172.7947
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://www.usenix.org/events/w... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.