Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for discovering memory destruction vulnerability based on natural language understanding function prototype

A natural language understanding and function technology, applied in the fields of electrical digital data processing, instrumentation, calculation, etc., can solve the problem of false negatives, and achieve the effect of reducing false negatives

Pending Publication Date: 2021-05-11
上海蜚语信息科技有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, in the actual software development process, software developers will not only use standard library memory management functions, but also third-party library memory management functions. In this case, the existing static source code vulnerability detection still only relies on standard The memory management functions of the library are not enough, and false negatives will occur in the actual static source code vulnerability detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for discovering memory destruction vulnerability based on natural language understanding function prototype
  • Method for discovering memory destruction vulnerability based on natural language understanding function prototype
  • Method for discovering memory destruction vulnerability based on natural language understanding function prototype

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0029] The source code is an example of a null pointer reference vulnerability in GraphicsMagick's picture management library code, that is, a memory corruption vulnerability. The following is the source code:

[0030]

[0031]

[0032] Among them, MagickAllocateMemory is a function used to allocate dynamic memory in the GraphicsMagick library, and the function prototype of MagickAllocateMemory is defined in File1;

[0033] The memory allocated by MagickAllocateMemory is assigned to the variable comment in the fourth line of File2; if the memory allocation fails, a null pointer is returned; then in the sixth line of File2, when the variable comment is not judged to be a null pointer, it is directly accessed. The memory pointed to by this pointer, resulting in a null pointer dereference vulnerability.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for discovering a memory destruction vulnerability based on a natural language understanding function prototype, and relates to the field of software security. The method comprises the following steps: 1, extracting a function prototype in a source code as a to-be-compared function prototype; 2, extracting corpora in the annotations to generate a self-adaptive corpus; 3, performing function prototype segmentation on the to-be-compared function prototype by using the adaptive corpus, and segmenting the to-be-compared function prototype into a group of words or phrases; 4, selecting a function prototype with known function semantics as a reference function prototype, and judging the type of the function prototype to be compared through the reference function prototype; and 5, marking the source code to be detected by using the matching information in the function matching list, and detecting the memory destructive vulnerability by taking the function vulnerability rule as the input of symbolic execution. In the method, the missing report generated in the static source code vulnerability detection is reduced by extracting the memory management function in the source code.

Description

technical field [0001] The invention relates to the field of software security, in particular to a method for discovering memory corruption loopholes based on natural language understanding function prototypes. Background technique [0002] A large part of the reason for memory corruption vulnerabilities is that software developers do not properly manage dynamic memory. Managing dynamic memory usually includes relatively complex memory management logic, so software developers usually use memory management functions for dynamic memory management. However, incorrect use of memory management functions can lead to memory destructive vulnerabilities (for example, after freeing memory, use this memory immediately and release the same memory repeatedly), in static source code vulnerability detection, detection Methods for memory corruption vulnerabilities include: pattern matching, symbolic execution, pointer analysis, etc. Effectively discovering possible memory corruption vulne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F11/36
CPCG06F11/3616
Inventor 王健强杨文博束骏亮李卷孺张媛媛
Owner 上海蜚语信息科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com