a checker for dangling string pointers in c
play

A checker for dangling string pointers in C++ in the Clang Static - PowerPoint PPT Presentation

Mar 08, 2023 •152 likes •257 views

A checker for dangling string pointers in C++ in the Clang Static Analyzer Rka Kovcs Mentors: Artem Dergachev Etvs Lornd University, Budapest, Hungary Gbor Horvth rekanikolett@gmail.com Real-world example return

  1. A checker for dangling string pointers in C++ in the Clang Static Analyzer Réka Kovács Mentors: Artem Dergachev Eötvös Loránd University, Budapest, Hungary Gábor Horváth rekanikolett@gmail.com

  2. Real-world example return std::to_string(size).c_str();

  3. Real-world example return std::to_string(size).c_str(); std::to_string() creates a temporary object the caller will receive a pointer to an already deallocated character buffer

  4. Real-world example * return std::to_string(size).c_str(); std::to_string() creates a temporary object the caller will receive a pointer to an already deallocated character buffer * found code like this in popular open-source projects

  5. cplusplus.InnerPointer Raw pointer to buffer obtained from string c_str(), data() Operation that re/deallocates the buffer dtor, =, +=, assign(), clear(), erase(), insert(), ... Use of the raw pointer ‘Inner pointer of container used after re/deallocation’

  6. cplusplus.InnerPointer Evaluated on a couple of open-source projects (+ dependencies): Bitcoin, Ceph, Harfbuzz, ICU, LibreOffice, LLVM, qBittorrent Found 3 true positives in Ceph, GPGME and Facebook’s RocksDB Reported & fixed within a day Found 0 false positives in these projects! Please try it out and give feedback!

  7. Future plans other STL / non-STL containers std::string_view

  8. How to use Analyze a project: Analyze one file: $ scan-build $ clang --analyze a.cpp Enabled by default Enabled by default

  9. Thanks! Final report: rnkovacs.github.io/gsoc2018 Réka Kovács / rekanikolett@gmail.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory

Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory

Cling: A Memory Allocator to Mitigate Dangling Pointers Periklis Akritidis --2010 Use-after-free Vulnerabilities Accessing Memory Through Dangling Pointers Techniques : Heap Spraying, Feng Shui Manual memory management is error prone

574 views • 35 slides
Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song,

Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song,

Preventing Use-after-free with Dangling Pointers Nullification Byoungyoung Lee , Chengyu Song, Yeongjin Jang Tielei Wang, Taesoo Kim, Long Lu, Wenke Lee Georgia Institute of Technology Stony Brook University Emerging Threat: Use-after-free

923 views • 43 slides
Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents

Dangling Pointer Dangling Pointer Jonathan Afek, 2/ 8/ 07, BlackHat USA 1 Table of Contents What is a Dangling Pointer? Code Injection Object Overriding Demonstrations Remediation Summary Q&A 2 What is a

543 views • 28 slides
arrays and strings: pointers and memory allocation Why not rely solely on string and Vector

arrays and strings: pointers and memory allocation Why not rely solely on string and Vector

arrays and strings: pointers and memory allocation Why not rely solely on string and Vector classes? how are string and Vector implemented? lower level access can be more efficient (but be leery of claims that C-style arrays/strings

297 views • 10 slides
Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new

Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new

Contiguous chunks of memory Arrays/strings: pointers and memory allocation int * a = new int[100]; Why not rely solely on string and vector classes? In C++ allocate using array form of new how are string and vector implemented? 0

196 views • 3 slides
The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June

The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June

The effects of dangling nodes on citation networks Erjia Yan & Ying Ding ISSI 2011 - June 30, 2011 Dangling nodes on the web Dangling nodes denote the nodes without outgoing links Some web pages do not contain any valid hyperlinks

467 views • 20 slides
Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and

Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and

Outerjoin = with tuples padded with R S R . / S dangling . / n ulls and included in the result. A tuple is dangling if it do esn't join with an y other tuple. = R A B 1 2 3 4 = S B C 2 5 2

185 views • 18 slides
Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each heap-allocated object, maintain count of # of pointers to object no dangling pointers , no storage leaks (maybe) when create object, ref count = 0

1.14k views • 5 slides
Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each

Automatic Garbage Collection Reference counting Automatically free dead objects For each heap-allocated object, maintain count of # of pointers to object no dangling pointers , no storage leaks (maybe) when create object, ref count = 0

246 views • 8 slides
Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4.

Topic 7 1. Defining and using pointers 2. Arrays and pointers 3. C and C++ strings 4. Dynamic memory allocation 5. Arrays and vectors of pointers 6. Problem solving: draw a picture 7. Classes of objects 8. Pointers and objects

613 views • 21 slides
Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

Class Five You havent run screaming yet... Lets do pointers! pointers are one of the

The Code Liberation Foundation Lecture 5 Pointers Class Five You havent run screaming yet... Lets do pointers! pointers are one of the most powerful things about c++ A pointer is a variable that holds the address of another

608 views • 22 slides
Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

531 views • 25 slides
Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is

Pointers III: Struct & Pointers 1 Structures What is a structure? One or more values, called members, with possibly dissimilar types that are

444 views • 26 slides
Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of Mozilla Sander van Geloven FOSDEM, Brussels February 1, 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

611 views • 39 slides
Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3

Chapter 16 Pointers and Arrays Pointers and Arrays We've seen examples of both of these in our LC-3 programs; now we'll see them in C. Pointer Address of a variable in memory Allows us to indirectly access variables in other words,

1.1k views • 29 slides
Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers

Fundamentals of Programming Lecture 15 Hamed Rasifard 1 Outline Types of Pointers Arrays of Pointers Multiple Indirection Initializing Pointers Pointers to Functions Dynamic Memory Allocation 2 Types of Pointers

199 views • 19 slides
Developing cloud-native applications with Eclipse and the Spring Tool Suite Martin Lippert -

Developing cloud-native applications with Eclipse and the Spring Tool Suite Martin Lippert -

Developing cloud-native applications with Eclipse and the Spring Tool Suite Martin Lippert - Pivotal mlippert@pivotal.io @martinlippert back in time Applications of that time

352 views • 24 slides
FastBuild: Accelerating Docker Image Building for Efficient Development and Deployment of

FastBuild: Accelerating Docker Image Building for Efficient Development and Deployment of

FastBuild: Accelerating Docker Image Building for Efficient Development and Deployment of Container Zhuo Hua ng, Song J i a ng Song W u, Ha i J i n M a y 23, 2019 1 Outline Background and Motivation Design of FastBuild Evaluations

744 views • 18 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Lazy distribution of container images Current implementation status of containerd remote

Lazy distribution of container images Current implementation status of containerd remote

FOSDEM (February 1, 2020) Lazy distribution of container images Current implementation status of containerd remote snapshotter Akihiro Suda Credit to Kohei Tokunaga (NTT) for containerd impl. & benchmark scripts Summary Run containers

579 views • 35 slides
Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 -

Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 -

Nulecule Packaging, Distributing & Deploying Container Applications the Cloud Way 2016 - Ghent, Belgium Brian Exelbierd vpavlin@localhost $ su - bexelbie Container Tools Engineer @ Red Hat bexelbie@localhost $

880 views • 37 slides
RESPONSIVE DESIGN mobil e ma tu e rs CSS GRID TERMINOLOGY Lines Cell Area Vertical and

RESPONSIVE DESIGN mobil e ma tu e rs CSS GRID TERMINOLOGY Lines Cell Area Vertical and

CS498RK SPRING 2020 RESPONSIVE DESIGN mobil e ma tu e rs CSS GRID TERMINOLOGY Lines Cell Area Vertical and Rectangular space A single unit of a horizontal lines surrounded by four CSS Grid that divide the grid grid lines TERMINOLOGY

515 views • 30 slides
and more... The standard library is the collection of functions and types that is supplied with

and more... The standard library is the collection of functions and types that is supplied with

Containers, algorithms and more... The standard library is the collection of functions and types that is supplied with every standard-compliant C++ compiler What should be in the standard library? And equally important: what should not

929 views • 38 slides
Container Patterns Matthias Lbken plus give feedback GiantSwarm.io Simple Microservice

Container Patterns Matthias Lbken plus give feedback GiantSwarm.io Simple Microservice

Container Patterns Matthias Lbken plus give feedback GiantSwarm.io Simple Microservice Infrastructure build for developers. Deploy your containers in seconds. Scaling with your needs: Public, Private, On-Prem Docker is an

1.07k views • 59 slides

More recommend