Automatic memory leak vulnerability mining method based on risk code area

Bibliographic Details
Main Authors XIE CHEN, JIA PENG, LIU JIAYONG, KUANG HONGBO
Format Patent
Language Chinese, English
Published 09.04.2024
Summary: The invention provides an automatic memory leak vulnerability mining method based on a risk code area, and relates to the technical field of vulnerability mining. The method uses static analysis to extract the control flow information of a program, constructs the call graph (CG) and control flow graph (CFG) of the program from that information, computes the distance metric based on the CG and CFG, and finally instruments the program with distance-calculation stub code and memory-consumption stub code. During fuzz testing, the stub code collects the program's running state, and that state guides the next round of fuzz testing. The method can effectively find memory leak vulnerabilities in a program; compared with existing tools, its mining efficiency is higher, and it can give a PoC of the vulnerability. In addition, a seed scheduling mechanism based on a risk area can improve the fuzz testing efficiency in a mul
Bibliography: Application Number: CN202410018790