Automatic memory leak vulnerability mining method based on risk code area
Main Authors | , , , |
---|---|
Format | Patent |
Language | Chinese English |
Published | 09.04.2024 |
Summary: | The invention provides an automatic memory leak vulnerability mining method based on risk code areas and relates to the technical field of vulnerability mining. The method extracts the program's control flow information using static analysis, constructs the call graph (CG) and control flow graph (CFG) of the program from that information, computes a distance metric based on the CG and CFG, and finally instruments the program with distance-calculation code and memory-consumption code; during fuzz testing, this instrumentation collects the program's running state, which then guides the next round of fuzzing. The method can effectively find memory leak vulnerabilities in a program; compared with existing tools, its mining efficiency is higher and it can provide a PoC for the vulnerability. In addition, a seed scheduling mechanism based on risk areas can improve the fuzz testing efficiency in a mul |
---|---|
Bibliography: | Application Number: CN202410018790 |