[cfe-dev] Implementation of IO2BO Dynamic Checks
Benjamin Schulz
bjs428 at mail.missouri.edu
Tue Nov 22 13:59:50 PST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I noticed some recent research by Zhang et al on the insertion of
dynamic checks for integer-overflow-to-buffer-overflow (IO2BO)
vulnerabilities[1]. It looks like Zhang et al's implementation already
happens to use the LLVM framework, and I was wondering if any work has
been done to incorporate a feature like this into the trunk of Clang.
If so, could someone point me to where the code lives in the SVN tree?
If not, is anyone out there on the list doing something similar as a
side-project?
Much thanks,
- --Benjamin Schulz
* * *
[1] Zhang, Chao, Tielie Wang, Tao Wei, Yu Chen, and Wei Zou. "IntPath:
Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at
Compile-Time". ESORICS 2010.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOzBtWAAoJECT8Sbi31ptpuC0IAK2PrMbvJqgNyBx54CdfIb4i
Cwqgn1boP9tCB4+KH+jrRj9LaT8ZJmSnx+Nb725HjmhWBCS1mRDtL8qq+s11XMZQ
Nyh88Qj+uiPdf6Ok1YKlZOHosg6UNjLoE4twLENFbfU/lqN9baTt9u+Zc0ioaUA1
lJZVXrKCifytUKr6Ji0IMs8t4tTsU5XeyTRETisjBj1DruYPy2sZOdWPyqMv6tB0
fxVoruSyhj/ZIfNnhzXLJzhO30TJRrCYBsPmp2WyZTenj0HW7VqNqgRkgonDJNOk
uOMjFpzfgtHrAxVuyfuldyZJ98kOkXDSaXGPYwxBPnEqU2aEAq6L4/Y4EzBbHew=
=+XxK
-----END PGP SIGNATURE-----
More information about the cfe-dev
mailing list