Zero-sized heap allocations vulnerability analysis

  • Authors: Julien Vanegue
  • Affiliations: Microsoft Security Engineering Center, Redmond, WA
  • Venue: WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
  • Year: 2010


Abstract

In this article, we discuss a source of security vulnerabilities related to zero-sized heap allocations. We present a feasibility study showing how a theorem-prover-based extended static checker can assist code audits in finding these vulnerabilities. We employed this tool to uncover around 10 local and remote untrusted code execution vulnerabilities in three core OS components. We highlight the benefits, the challenges faced, and the outstanding problems that must be addressed to enable wider use. Additional manual code review of remotely exposed software suggests that zero and near-zero allocations are particularly difficult for developers to handle correctly.