Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities

Juan Caballero, Gustavo Grieco, Mark Marron, Antonio Nappa

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

135 Scopus citations

Abstract

Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web browsers. Use-after-free (and double-free) vulnerabilities are caused by a program operating on a dangling pointer. In this work we propose early detection, a novel runtime approach for finding and diagnosing use-after-free and double-free vulnerabilities. While previous work focuses on the creation of the vulnerability (i.e., the use of a dangling pointer), early detection shifts the focus to the creation of the dangling pointer(s) at the root of the vulnerability. Early detection increases the effectiveness of testing by identifying unsafe dangling pointers in executions where they are created but not used. It also accelerates vulnerability analysis and minimizes the risk of incomplete fixes by automatically collecting information about all dangling pointers involved in the vulnerability. We implement our early detection technique in a tool called Undangle. We evaluate Undangle for vulnerability analysis on 8 real-world vulnerabilities. The analysis uncovers that two separate vulnerabilities in Firefox had a common root cause and that their patches did not completely fix the underlying bug. We also evaluate Undangle for testing on the Firefox web browser, identifying a potential vulnerability.

Original language: English
Title of host publication: 2012 International Symposium on Software Testing and Analysis, ISSTA 2012 - Proceedings
Pages: 133-143
Number of pages: 11
DOIs
State: Published - 2012
Event: 21st International Symposium on Software Testing and Analysis, ISSTA 2012 - Minneapolis, MN, United States
Duration: Jul 15 2012 - Jul 20 2012

Publication series

Name: 2012 International Symposium on Software Testing and Analysis, ISSTA 2012 - Proceedings

Conference

Conference: 21st International Symposium on Software Testing and Analysis, ISSTA 2012
Country/Territory: United States
City: Minneapolis, MN
Period: 7/15/12 - 7/20/12

Keywords

  • Automated testing
  • binary analysis
  • debugging
  • dynamic analysis

ASJC Scopus subject areas

  • Software
