a checker for dangling string pointers in c
play

A checker for dangling string pointers in C++ in the Clang Static - PowerPoint PPT Presentation

Mar 08, 2023 •152 likes •257 views

A checker for dangling string pointers in C++ in the Clang Static Analyzer Rka Kovcs Mentors: Artem Dergachev Etvs Lornd University, Budapest, Hungary Gbor Horvth rekanikolett@gmail.com Real-world example return

  1. A checker for dangling string pointers in C++ in the Clang Static Analyzer Réka Kovács Mentors: Artem Dergachev Eötvös Loránd University, Budapest, Hungary Gábor Horváth rekanikolett@gmail.com

  2. Real-world example return std::to_string(size).c_str();

  3. Real-world example return std::to_string(size).c_str(); std::to_string() creates a temporary object the caller will receive a pointer to an already deallocated character buffer

  4. Real-world example * return std::to_string(size).c_str(); std::to_string() creates a temporary object the caller will receive a pointer to an already deallocated character buffer * found code like this in popular open-source projects

  5. cplusplus.InnerPointer Raw pointer to buffer obtained from string c_str(), data() Operation that re/deallocates the buffer dtor, =, +=, assign(), clear(), erase(), insert(), ... Use of the raw pointer ‘Inner pointer of container used after re/deallocation’

  6. cplusplus.InnerPointer Evaluated on a couple of open-source projects (+ dependencies): Bitcoin, Ceph, Harfbuzz, ICU, LibreOffice, LLVM, qBittorrent Found 3 true positives in Ceph, GPGME and Facebook’s RocksDB Reported & fixed within a day Found 0 false positives in these projects! Please try it out and give feedback!

  7. Future plans other STL / non-STL containers std::string_view

  8. How to use Analyze a project: Analyze one file: $ scan-build $ clang --analyze a.cpp Enabled by default Enabled by default

  9. Thanks! Final report: rnkovacs.github.io/gsoc2018 Réka Kovács / rekanikolett@gmail.com

Recommend

Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory

Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory

Cling: A Memory Allocator to Mitigate Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory Through Dangling Pointers Techniques : Heap Spraying, Feng Shui Manual memory management is error prone

574 views • 35 slides
Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song,

Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song,

Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song, Yeongjin Jang Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee Georgia Institute of Technology Stony Brook University Emerging Threat: Use-after-free

923 views • 43 slides
Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents What is a Dangling Pointer? Code Injection Object Overriding Demonstrations Remediation Summary Q&A 2 What is a

543 views • 28 slides
arrays and strings: pointers and memory allocation Why not rely solely on string and Vector

arrays and strings: pointers and memory allocation Why not rely solely on string and Vector

arrays and strings: pointers and memory allocation Why not rely solely on string and Vector classes? how are string and Vector implemented? lower level access can be more efficient (but be leery of claims that C-style arrays/strings

297 views • 10 slides
Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new

Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new

Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new int[100]; Why not rely solely on string and vector classes? In C++ allocate using array form of new how are string and vector implemented? 0

196 views • 3 slides
The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June

The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June

The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June 30, 2011 Dangling nodes on the web Dangling nodes denote the nodes without outgoing links Some web pages do not contain any valid hyperlinks

467 views • 20 slides
Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and

Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and

Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and included in the result. A tuple is dangling if it do esn't join with an y other tuple. = R A B 1 2 3 4 = S B C 2 5 2

185 views • 18 slides
Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each heap-allocated object, maintain count of # of pointers to object no dangling pointers , no storage leaks (maybe) when create object, ref count = 0

1.14k views • 5 slides
Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each heap-allocated object, maintain count of # of pointers to object no dangling pointers , no storage leaks (maybe) when create object, ref count = 0

246 views • 8 slides
Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4. Dynamic memory allocation 5. Arrays and vectors of pointers 6. Problem solving: draw a picture 7. Classes of objects 8. Pointers and objects

613 views • 21 slides
Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

The Code Liberation Foundation Lecture 5 Pointers Class Five You havent run screaming yet... Lets do pointers! pointers are one of the most powerful things about c++ A pointer is a variable that holds the address of another

608 views • 22 slides
Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

531 views • 25 slides
Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

444 views • 26 slides
Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of Mozilla Sander van Geloven FOSDEM, Brussels February 1, 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

611 views • 39 slides
Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3 programs; now we'll see them in C. Pointer Address of a variable in memory Allows us to indirectly access variables in other words,

1.1k views • 29 slides
Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers Arrays of Pointers Multiple Indirection Initializing Pointers Pointers to Functions Dynamic Memory Allocation 2 Types of Pointers

199 views • 19 slides
Pointers II 1 Outline Pointers arithmetic and others Functions & pointers 2 Pointer

Pointers II 1 Outline Pointers arithmetic and others Functions & pointers 2 Pointer

Pointers II 1 Outline Pointers arithmetic and others Functions & pointers 2 Pointer Arithmetic When you add to or subtract from a pointer, the amount by which you do that is multiplied by the size of the type the pointer points

689 views • 33 slides
Practical pluggable types via the Checker Framework Matthew Papi, Mahmood Ali, Telmo Correa Jr.,

Practical pluggable types via the Checker Framework Matthew Papi, Mahmood Ali, Telmo Correa Jr.,

void print( @Readonly Object x) { List< @NonNull String> lst; } Practical pluggable types via the Checker Framework Matthew Papi, Mahmood Ali, Telmo Correa Jr., Jeff Perkins, Michael Ernst MIT Problem 1: Javas type checking Type

801 views • 37 slides
Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla.

Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla.

Nuspell: the new spell checker FOSS spell checker implemented in C++14 with aid of Mozilla. Sander van Geloven FOSDEM, Brussels February 2, 2019 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

327 views • 21 slides
Today: C Pointers & Arrays Understand str / ldr Understand C pointers ARM

Today: C Pointers & Arrays Understand str / ldr Understand C pointers ARM

This week Assignment 1 due Tuesday: youll have proved your bare-metal mettle! Lab 2 prep do pre-lab reading! bring your tools Today: C Pointers & Arrays Understand str / ldr Understand C pointers ARM addressing

520 views • 38 slides
Pointers to Functions C doesn t require that pointers point only to data; it s also

Pointers to Functions C doesn t require that pointers point only to data; it s also

Pointers to Functions C doesn t require that pointers point only to data; it s also possible to have pointers to functions. Pointers to Functions Function pointers point to memory addresses where functions are stored. o int (*fp)

240 views • 5 slides
Pointers & Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions

Pointers & Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions

Pointers & Dynamic Memory Review C Pointers Introduce C++ Pointers Data Abstractions CSCI-2320 Dr. Tom Hicks Computer Science Department 2 Printing! Use Computer Science Printers Only For Your Computer Science Homework!!!! Print

1.19k views • 37 slides
Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html

Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html

Have some fun Checker: Checker: http://www.cs.caltech.edu/~ vhuang/cs 20/c/applet/more.html 1 Local Beam Search Run multiple searches to find the Run multiple searches to find the solution The best K states are selected. Like

636 views • 24 slides
Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our C programs; now we'll see how they are implemented in LC-3. Pointer Address of a variable in memory Allows us to indirectly access

343 views • 16 slides

More recommend