Abstract:
As the Internet continues to advance, people pay increasing attention to information security, and buffer overflow in particular has become one of the best-known software security vulnerabilities. At the source-code level, such vulnerabilities arise in two ways: through data-copying function calls and through function calls whose behaviour is controlled by a format string. This paper summarizes the common functions that are prone to buffer overflows and introduces an algorithm for computing the length of formatted string variables when formatted input/output functions are called. It also proposes a method of buffer overflow detection based on static code analysis. The detection method first models the source code by building its abstract syntax tree, symbol table, control flow graph and function call graph. Based on these models, the value range of variables and expressions at each program point is computed by interval calculation, and when a function call is encountered, the function's summary is applied as a stand-in for the function. The method is extensible: users can add functions under test through configuration files. Experiments on an open source project show that it detects buffer overflows efficiently, and its output has both a lower false positive rate and a lower false negative rate than another testing tool, Klocwork K8.
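The abstract describes two ingredients of the analysis: interval calculation of value ranges, and an algorithm that bounds the length of a formatted string at a formatted-output call. The Python below is an added illustration of how those two pieces combine, not code from the paper or its tool: it takes the intervals the analysis would already have computed for the arguments of a `sprintf`-style call (an `Interval` for each integer argument, a `StrArg` carrying the interval of `strlen()` for each string argument), walks the format string, and derives an interval for the number of characters written. Comparing that interval plus the terminating NUL against the destination size yields a three-way verdict (safe, possible overflow, definite overflow). The `Interval`/`StrArg` types, the 32-bit width assumed for unsigned conversions, the 64-bit pointer width assumed for `%p`, and the unsupported `*` width, `#` flag and floating-point conversions are all assumptions of this example.

```python
"""Bound the output length of a printf-style call with interval arithmetic (added example)."""
from __future__ import annotations
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Interval:
    """Closed integer interval [lo, hi]: the value-range domain of the analysis."""
    lo: int
    hi: int

    def __post_init__(self):
        if self.lo > self.hi:
            raise ValueError(f"empty interval [{self.lo}, {self.hi}]")

    def __add__(self, other: Interval) -> Interval:
        return Interval(self.lo + other.lo, self.hi + other.hi)

    @staticmethod
    def const(n: int) -> Interval:
        return Interval(n, n)

@dataclass(frozen=True)
class StrArg:
    """A char* argument known only by the interval of its strlen()."""
    length: Interval

UINT32_MAX = 2**32 - 1  # assumption: unsigned conversions are 32 bits wide

# flags, width, precision, optional length modifier (not captured), conversion
SPEC = re.compile(r"%([-+ #0]*)(\d+|\*)?(?:\.(\d+|\*))?(?:hh|h|ll|l|z|j|t)?([diouxXcsp%feEgG])")

def _int_width(v: Interval, base: int, signed: bool) -> Interval:
    """Characters needed to print every value in v (sign included)."""
    if not signed and v.lo < 0:
        # A negative value is reinterpreted as unsigned: widen to the full range.
        v = Interval(0, UINT32_MAX)
    def render(n: int) -> int:
        digits = {10: str, 16: lambda x: format(x, "x"), 8: lambda x: format(x, "o")}[base](abs(n))
        return len(digits) + (1 if n < 0 else 0)
    hi = max(render(v.lo), render(v.hi))            # magnitude grows away from zero
    lo = 1 if v.lo <= 0 <= v.hi else min(render(v.lo), render(v.hi))
    return Interval(lo, hi)

def format_length(fmt: str, args: list) -> Interval:
    """Interval of characters written by fmt (terminating NUL excluded)."""
    total, pos, ai = Interval.const(0), 0, 0
    for m in SPEC.finditer(fmt):
        total = total + Interval.const(m.start() - pos)   # literal text before the spec
        pos = m.end()
        flags, width, prec, conv = m.groups()
        if conv == "%":
            total = total + Interval.const(1)
            continue
        if width == "*" or prec == "*" or "#" in flags or conv in "feEgG":
            raise ValueError(f"'{m.group(0)}' is not modeled in this example")
        arg = args[ai]
        ai += 1
        if conv in "di":
            w = _int_width(arg, 10, True)
            if prec is not None:                       # precision = minimum digit count
                p = int(prec)
                w = Interval(max(w.lo, p + (1 if arg.hi < 0 else 0)),
                             max(w.hi, p + (1 if arg.lo < 0 else 0)))
            if ("+" in flags or " " in flags) and arg.hi >= 0:
                w = w + Interval.const(1)              # conservative: sign on non-negatives
        elif conv in "ouxX":
            w = _int_width(arg, {"o": 8, "u": 10, "x": 16, "X": 16}[conv], False)
            if prec is not None:
                w = Interval(max(w.lo, int(prec)), max(w.hi, int(prec)))
        elif conv == "c":
            w = Interval.const(1)
        elif conv == "s":
            w = arg.length
            if prec is not None:                       # %.Ns caps the copied length
                w = Interval(min(w.lo, int(prec)), min(w.hi, int(prec)))
        else:  # %p, assumption: "0x" + up to 16 hex digits on a 64-bit target
            w = Interval(3, 18)
        if width is not None:                          # field width pads up to W
            W = int(width)
            w = Interval(max(w.lo, W), max(w.hi, W))
        total = total + w
    if ai != len(args):
        raise ValueError(f"format consumes {ai} arguments, {len(args)} supplied")
    return total + Interval.const(len(fmt) - pos)      # trailing literal text

def check_sprintf(dest_size: int, fmt: str, args: list) -> tuple[str, Interval]:
    """Compare the bound (plus NUL) against the destination buffer size."""
    n = format_length(fmt, args)
    needed = n + Interval.const(1)
    if needed.lo > dest_size:
        return "overflow", n              # every execution overflows
    if needed.hi > dest_size:
        return "possible-overflow", n     # some value in range overflows
    return "safe", n

if __name__ == "__main__":
    # Constructed case: char buf[16]; sprintf(buf, "id=%d name=%s", id, name);
    # with id in [0, 99999] and strlen(name) in [0, 32] from the interval analysis.
    print(check_sprintf(16, "id=%d name=%s", [Interval(0, 99999), StrArg(Interval(0, 32))]))
    print(check_sprintf(16, "user=%.8s", [StrArg(Interval(0, 32))]))
    print(check_sprintf(8, "%+d/%05d", [Interval(-100, 100), Interval(0, 9)]))
```

The verdict split matters for the false-positive and false-negative rates the abstract measures: a "possible-overflow" result is an over-approximation that a user must triage, while "overflow" holds for every value in the computed ranges. In a full analysis the argument intervals would come from the program-point value ranges, and the check would be attached to the summary of each configured function such as `sprintf`.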