HeapExpo: Pinpointing Promoted Pointers to Prevent Use-After-Free Vulnerabilities

Zekun Shen, Brendan Dolan-Gavitt

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Use-after-free (UAF) vulnerabilities, in which dangling pointers remain after memory is released, remain a persistent problem for applications written in C and C++. In order to protect legacy code, prior work has attempted to track pointer propagation and invalidate dangling pointers at deallocation time, but this work has gaps in coverage, as it lacks support for tracking program variables promoted to CPU registers. Moreover, we find that these gaps can significantly hamper detection of UAF bugs: in a preliminary study with OSS-Fuzz, we found that more than half of the UAFs in real-world programs we examined (10/19) could not be detected by prior systems due to register promotion. In this paper, we introduce HeapExpo, a new system that fills this gap in coverage by parsimoniously identifying potential dangling pointer variables that may be lifted into registers by the compiler and marking them as volatile. In our experiments, we find that HeapExpo effectively detects UAFs missed by other systems with an overhead of 35% on the majority of SPEC CPU2006 and 66% when including two benchmarks that have high amounts of pointer propagation.
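    The coverage gap the abstract describes can be seen in a small model. The following C program is an added illustration, not code from the paper or from HeapExpo: it hand-writes the kind of store/free instrumentation that dangling-pointer invalidation systems insert with the compiler (`tracked_store`, `tracked_free` and `tracked_unregister` are assumed names). A pointer held in memory is nullified at free time, a pointer that only ever lives in a register is never seen by the instrumentation and stays dangling, and a variable kept memory-resident (what HeapExpo achieves by marking it `volatile`) is covered again.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumption: a minimal model of dangling-pointer invalidation. Every store of a
 * heap pointer into a memory-resident pointer variable ("slot") is routed through
 * tracked_store(), which records the slot's address. tracked_free() then nullifies
 * every recorded slot that points into the freed object, so a later use faults on
 * NULL instead of silently touching freed memory. A real system has the compiler
 * insert these calls; here they are written by hand. */

#define MAX_SLOTS 64
static void **g_slots[MAX_SLOTS];
static size_t g_nslots;

void tracked_store(void **slot, void *value) {
    *slot = value;
    for (size_t i = 0; i < g_nslots; i++)
        if (g_slots[i] == slot) return;            /* already registered */
    if (g_nslots < MAX_SLOTS) g_slots[g_nslots++] = slot;
}

/* Forget a slot when the variable goes out of scope (a stack slot must not be
 * read after its frame is gone). */
void tracked_unregister(void **slot) {
    for (size_t i = 0; i < g_nslots; i++)
        if (g_slots[i] == slot) { g_slots[i] = g_slots[--g_nslots]; return; }
}

void tracked_free(void *obj, size_t size) {
    uintptr_t lo = (uintptr_t)obj, hi = lo + size;
    for (size_t i = 0; i < g_nslots; i++) {
        uintptr_t p = (uintptr_t)*g_slots[i];
        if (p >= lo && p < hi) *g_slots[i] = NULL;   /* invalidate dangling pointer */
    }
    free(obj);
}

struct buf { char data[32]; };
struct holder { struct buf *ref; };

/* Case 1: the pointer lives in memory (a struct field). The store is instrumented,
 * so after free the field reads NULL. Returns 1 when invalidation happened. */
int case_memory_resident(void) {
    struct buf *b = malloc(sizeof *b);
    struct holder h = { NULL };
    tracked_store((void **)&h.ref, b);
    tracked_free(b, sizeof *b);
    int invalidated = (h.ref == NULL);
    tracked_unregister((void **)&h.ref);
    return invalidated;
}

/* Case 2: the compiler promotes a local copy into a CPU register. No store to
 * memory happens, so the instrumentation never sees the copy and cannot nullify
 * it; we model promotion as a plain, un-instrumented assignment. Returns 1 when
 * the stale address survives the free (the gap the paper measures). */
int case_register_promoted(void) {
    struct buf *b = malloc(sizeof *b);
    struct buf *cached = b;                 /* would live only in a register */
    uintptr_t before = (uintptr_t)cached;
    tracked_free(b, sizeof *b);
    return (uintptr_t)cached == before;     /* still dangling */
}

/* Case 3: the candidate variable is kept memory-resident (HeapExpo does this by
 * marking it volatile), so the store goes through the instrumentation and the
 * variable is nullified at free. Returns 1 when invalidation happened. */
int case_volatile_pinned(void) {
    struct buf *b = malloc(sizeof *b);
    void *cached = NULL;                    /* stands in for the volatile local */
    tracked_store(&cached, b);
    tracked_free(b, sizeof *b);
    int invalidated = (cached == NULL);
    tracked_unregister(&cached);
    return invalidated;
}

int main(void) {
    /* Each case returns 1: memory-resident pointers are covered, the
     * register-promoted copy escapes, and pinning the local restores coverage. */
    return !(case_memory_resident() && case_register_promoted() && case_volatile_pinned());
}
```

    The model deliberately leaves out everything a production system needs (per-object size metadata, heap-wide slot tables, unregistering on every scope exit); it only shows why a store-based instrumentation cannot see a value that never touches memory, and why forcing such values into memory closes the gap at the cost of the extra loads and stores the abstract's overhead numbers reflect.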

    Original language: English (US)
    Title of host publication: Proceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
    Publisher: ICST
    Pages: 454-465
    Number of pages: 12
    ISBN (Electronic): 9781450388580
    DOIs
    State: Published - Dec 7 2020
    Event: 36th Annual Computer Security Applications Conference, ACSAC 2020 - Virtual, Online, United States
    Duration: Dec 7 2020 - Dec 11 2020

    Publication series

    Name: ACM International Conference Proceeding Series

    Conference

    Conference: 36th Annual Computer Security Applications Conference, ACSAC 2020
    Country/Territory: United States
    City: Virtual, Online
    Period: 12/7/20 - 12/11/20

    Keywords

    • Dangling pointers
    • memory errors
    • use-after-free

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Computer Science Applications
    • Health Informatics
