© University of Kent - Contact | Feedback | Legal | FOI | Cookies
Analyzing String Buffers in C
Axel Simon and Andy King
Technical Report 2-02, University of Kent, Computing Laboratory, February 2002.Abstract
A buffer overrun occurs in a C program when input is read into a buffer whose length exceeds that of the buffer. Overruns often lead to crashes and are a widespread form of security vulnerability. This paper describes an analysis for detecting overruns before deployment which is conservative in the sense that it locates every possible buffer overrun. The paper details the subtle relationship between overrun analysis and pointer analysis and explains how buffers can be modeled with a linear number of variables. As far as we know, the paper gives the first formal account of how this software and security problem can be tackled with abstract interpretation, setting it on a firm, mathematical basis.
Download publication 407 kbytes (PostScript)Bibtex Record
@techreport{1344,
author = {Axel Simon and Andy King},
title = {{A}nalyzing {S}tring {B}uffers in {C}},
month = {February},
year = {2002},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {},
doi = {},
url = {http://www.cs.kent.ac.uk/pubs/2002/1344},
publication_type = {techreport},
submission_id = {22042_1013696413},
number = {2-02},
institution = {University of Kent, Computing Laboratory},
}