SOT: a possible "compilers lab" experiment
hi, all you parser/compiler writers and wanna-bes,
here is a little thought:

as we all know, many programs suffer from buffer overflows with regard to
their local variables. it occurred to me that trying to automatically
identify such places where an overflow might occur is a problem
similar to that of optimizing computer programs: we need to parse the
program, find all occurrences of local variables representing character
arrays or local structures that contain character arrays, and trace
their usage in order to find out whether they might be overflowed. for each
such variable, if it is being modified to contain data that was not
previously "purified" using a checking function (such as strlen,
strncpy, checking for null characters after a given position, etc.), we
could emit a warning saying this variable is not secure. this is of course
just the basics, but someone familiar with compilation techniques
would probably get the idea by now. note that it is similar to how
"tainted perl" works, but a little more complex.

i checked out 'lint' on redhat 4.2, and it does not seem to have support
for such checking. i think this could serve as an interesting "compilation
lab" experiment for someone taking a compilation lab course at the
Technion (or its equivalent at other universities).

if anyone is interested in the idea and would want to discuss it, please
mail me directly.

thanks,
guy
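The check sketched in the post above, as an added toy implementation that is not the author's code and not anything `lint` does: a flow-insensitive pass over a straight-line C function body that records the declared size of each local `char` array, notes `strlen()` guards as the "purifying" checks, and warns on `strcpy`/`strncpy`/`gets`/`sprintf` calls into a local array whose source was never bounded, or was bounded against a limit larger than the array. The accepted syntax is a hypothetical subset of C, and the sample body with its variable names (`argv1`, `argv2`, `argv3`, `global_buf`) is constructed for the example.

```python
"""Toy 'secure lint' for local char arrays (added example, hypothetical C subset)."""
import re
from typing import Dict, List, Tuple

# Constructed patterns for the tiny subset of C this toy understands.
DECL_RE = re.compile(r"^\s*char\s+(\w+)\s*\[\s*(\d+)\s*\]\s*;")
CHECK_RE = re.compile(r"^\s*if\s*\(\s*strlen\s*\(\s*(\w+)\s*\)\s*(<=|<)\s*(\d+)\s*\)")
CALL_RE = re.compile(r"^\s*(strcpy|strncpy|gets|sprintf)\s*\((.*)\)\s*;")

Warning = Tuple[int, str]  # (line number within the body, message)


def analyze(body: str) -> List[Warning]:
    """Return one (line, message) pair per suspicious write to a local char array.

    Flow-insensitive: a strlen() guard on line N is assumed to cover every later
    line, which is adequate for the straight-line bodies this toy accepts.
    Writes into names that are not tracked locals (globals, pointers) are skipped,
    because the post's idea is specifically about local variables.
    """
    sizes: Dict[str, int] = {}   # local char array -> declared size in bytes
    bounds: Dict[str, int] = {}  # variable -> proven max bytes including the NUL
    warnings: List[Warning] = []

    for lineno, line in enumerate(body.splitlines(), start=1):
        m = DECL_RE.match(line)
        if m:
            sizes[m.group(1)] = int(m.group(2))
            continue

        m = CHECK_RE.match(line)
        if m:
            var, op, limit = m.group(1), m.group(2), int(m.group(3))
            # strlen(v) < N  => v occupies at most N bytes with its terminator;
            # strlen(v) <= N => at most N + 1 bytes.
            bounds[var] = limit if op == "<" else limit + 1
            continue

        m = CALL_RE.match(line)
        if not m:
            continue
        func = m.group(1)
        args = [a.strip() for a in m.group(2).split(",")]
        dst = args[0]
        if dst not in sizes:
            continue  # not a local array we track
        size = sizes[dst]

        if func == "gets":
            warnings.append((lineno, f"{dst}: gets() writes unbounded input"))
        elif func == "sprintf":
            warnings.append((lineno, f"{dst}: sprintf() output length is not bounded"))
        elif func == "strcpy":
            src = args[1]
            if src not in bounds:
                warnings.append((lineno, f"{dst}: strcpy() from unchecked {src}"))
            elif bounds[src] > size:
                warnings.append((lineno, f"{dst}: strcpy() from {src} checked against "
                                         f"{bounds[src]} bytes but buffer is {size}"))
        elif func == "strncpy":
            n = args[2]
            # Only a literal count can be judged here; a variable count is left alone.
            if n.isdigit() and int(n) > size:
                warnings.append((lineno, f"{dst}: strncpy() count {n} exceeds buffer size {size}"))
    return warnings


# Constructed sample body: line 6 is guarded correctly, line 10 is guarded
# against the wrong limit, line 11 targets a name that is not a tracked local.
SAMPLE_BODY = """\
char name[64];
char tmp[16];
char big[256];
gets(name);
if (strlen(argv1) < 16)
    strcpy(tmp, argv1);
strcpy(big, argv2);
strncpy(tmp, argv2, 32);
if (strlen(argv3) < 300)
    strcpy(big, argv3);
strcpy(global_buf, argv2);
"""


def main() -> None:
    for lineno, msg in analyze(SAMPLE_BODY):
        print(f"line {lineno}: warning: {msg}")


if __name__ == "__main__":
    main()
```

Running it on the sample reports lines 4, 7, 8 and 10 and stays silent on line 6, where the `strlen(argv1) < 16` guard exactly fits the 16-byte `tmp`. Real code needs block scoping, aliasing through pointers, and control-flow merging before such a pass is trustworthy; that is the part that makes it a compiler-lab exercise rather than a regular expression.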