Method for discovering memory destruction vulnerability based on natural language understanding function prototype
A natural language understanding and function technology, applied in the fields of electrical digital data processing, instrumentation, calculation, etc., can solve the problem of false negatives, and achieve the effect of reducing false negatives
Pending Publication Date: 2021-05-11
上海蜚语信息科技有限公司
View PDF0 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, in the actual software development process, software developers will not only use standard library memory management functions, but also third-party library memory management functions. In this case, the existing static source code vulnerability detection still only relies on standard The memory management functions of the library are not enough, and false negatives will occur in the actual static source code vulnerability detection
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0029] The source code is an example of a null pointer reference vulnerability in GraphicsMagick's picture management library code, that is, a memory corruption vulnerability. The following is the source code:
[0030]
[0031]
[0032] Among them, MagickAllocateMemory is a function used to allocate dynamic memory in the GraphicsMagick library, and the function prototype of MagickAllocateMemory is defined in File1;
[0033] The memory allocated by MagickAllocateMemory is assigned to the variable comment in the fourth line of File2; if the memory allocation fails, a null pointer is returned; then in the sixth line of File2, when the variable comment is not judged to be a null pointer, it is directly accessed. The memory pointed to by this pointer, resulting in a null pointer dereference vulnerability.
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more PUM
Login to view more Abstract
The invention provides a method for discovering a memory destruction vulnerability based on a natural language understanding function prototype, and relates to the field of software security. The method comprises the following steps: 1, extracting a function prototype in a source code as a to-be-compared function prototype; 2, extracting corpora in the annotations to generate a self-adaptive corpus; 3, performing function prototype segmentation on the to-be-compared function prototype by using the adaptive corpus, and segmenting the to-be-compared function prototype into a group of words or phrases; 4, selecting a function prototype with known function semantics as a reference function prototype, and judging the type of the function prototype to be compared through the reference function prototype; and 5, marking the source code to be detected by using the matching information in the function matching list, and detecting the memory destructive vulnerability by taking the function vulnerability rule as the input of symbolic execution. In the method, the missing report generated in the static source code vulnerability detection is reduced by extracting the memory management function in the source code.
Description
technical field [0001] The invention relates to the field of software security, in particular to a method for discovering memory corruption loopholes based on natural language understanding function prototypes. Background technique [0002] A large part of the reason for memory corruption vulnerabilities is that software developers do not properly manage dynamic memory. Managing dynamic memory usually includes relatively complex memory management logic, so software developers usually use memory management functions for dynamic memory management. However, incorrect use of memory management functions can lead to memory destructive vulnerabilities (for example, after freeing memory, use this memory immediately and release the same memory repeatedly), in static source code vulnerability detection, detection Methods for memory corruption vulnerabilities include: pattern matching, symbolic execution, pointer analysis, etc. Effectively discovering possible memory corruption vulne...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more Application Information
Patent Timeline
Login to view more Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
CPCG06F11/3616
Inventor 王健强杨文博束骏亮李卷孺张媛媛
Owner 上海蜚语信息科技有限公司
Who we serve
- R&D Engineer
- R&D Manager
- IP Professional
Why Eureka
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Social media
Try Eureka
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap