| C/C++源程序缓冲区溢出漏洞的静态检测 |
| |
| 引用本文: | 杨小龙,刘坚. C/C++源程序缓冲区溢出漏洞的静态检测[J]. 计算机工程与应用, 2004, 40(20): 108-110 |
| |
| 作者姓名: | 杨小龙 刘坚 |
| |
| 作者单位: | 西安电子科技大学软件工程研究所,西安,710071;西安电子科技大学软件工程研究所,西安,710071 |
| |
| 摘 要: | 讨论了C/C++源程序中缓冲区溢出的常见表现;分析了其特性以及产生机理;提出了在源代码的AST上附加安全属性进行漏洞静态检测的方法;讨论了该方法的实现过程。
|
| 关 键 词: | 缓冲区溢出 整数值域判断 静态检测 AST |
| 文章编号: | 1002-8331-(2004)20-0108-03 |
Statically Detecting Likely Buffer Overflow Vulnerabilities in C/C++ Program |
| |
| Yang Xiaolong Liu Jian. Statically Detecting Likely Buffer Overflow Vulnerabilities in C/C++ Program[J]. Computer Engineering and Applications, 2004, 40(20): 108-110 |
| |
| Authors: | Yang Xiaolong Liu Jian |
| |
| Abstract: | The familiar representation of buffer overflow vulnerabilities is proposed.A analysis to the vulnerabilities'char-acteristics and how they work has been made.A method by adding the safe rules to sorcecode's AST is presented for statically detecting such problems.The approach's work-process is given. |
| |
| Keywords: | buffer overflow integer range constraint statically detect AST |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
