| This paper studies static detection of buffer overflows in C/C++ programs. The approach analyzes the intermediate representation files generated by the GCC front end and detects buffer overflow vulnerabilities by embedding safety rules via syntax-directed translation. To make safety judgments in intra-procedural analysis, variables' information must be tracked with the help of attribute computation. Following the original structure, variables can be handled clearly with their scope and looked up by name. Appropriate pointer attribute design effectively eliminates the confusion induced by pointer aliasing, thereby simplifying the analysis and increasing its precision. To detect vulnerabilities in inter-procedural analysis, limit conditions are collected within a function and used later when that function is called. The precondition checks the prerequisites before a function call, and the postcondition records the effect after the function call. |
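A minimal sketch of the attribute-tracking idea summarized above, added here as an illustration and not taken from the paper: the statement tuples, the `Buffer` attributes and the `SUMMARIES` table are all hypothetical stand-ins for the GCC intermediate representation and the paper's safety rules. A pointer is bound to the same attribute record as the array it points to, so an overflow through an alias is still caught, and each library call is checked against a precondition and then updated by a postcondition.

```python
from dataclasses import dataclass

@dataclass
class Buffer:
    name: str
    capacity: int   # bytes allocated
    used: int = 1   # bytes occupied incl. NUL (assumption: new arrays hold "")

def _strcpy_post(dst, src):
    dst.used = src.used

def _strcat_post(dst, src):
    dst.used += src.used - 1

# Hypothetical function summaries: (precondition, postcondition).
SUMMARIES = {
    "strcpy": (lambda d, s: s.used <= d.capacity, _strcpy_post),
    "strcat": (lambda d, s: d.used + s.used - 1 <= d.capacity, _strcat_post),
}

def analyze(stmts):
    """Walk constructed IR-like statements and return overflow warnings."""
    symbols, warnings = {}, []
    for lineno, stmt in enumerate(stmts, 1):
        op = stmt[0]
        if op == "array":        # char name[cap];
            _, name, cap = stmt
            symbols[name] = Buffer(name, cap)
        elif op == "literal":    # const char *name = "text";
            _, name, text = stmt
            symbols[name] = Buffer(name, len(text) + 1, len(text) + 1)
        elif op == "alias":      # char *name = target;
            _, name, target = stmt
            symbols[name] = symbols[target]  # pointer shares the Buffer record
        elif op == "call":       # func(dst, src);
            _, func, dst, src = stmt
            pre, post = SUMMARIES[func]
            d, s = symbols[dst], symbols[src]
            if not pre(d, s):    # precondition checked before the call
                warnings.append(
                    f"stmt {lineno}: {func} may overflow {d.name} "
                    f"(capacity {d.capacity})")
            post(d, s)           # postcondition records the call's effect
    return warnings

# Constructed sample: buf is filled directly, then overflowed through alias p.
SAMPLE = [
    ("array", "buf", 8),
    ("literal", "a", "abcd"),
    ("alias", "p", "buf"),
    ("call", "strcpy", "buf", "a"),
    ("call", "strcat", "p", "a"),
]
```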