EffectiveSan: Type and Memory Error Detection using Dynamically Typed C/C++

10/17/2017
by Gregory J. Duck, et al.

Low-level programming languages such as C and C++ are vulnerable to errors related to the misuse of memory. Such errors include bounds overflows, sub-object bounds overflows, use-after-free, "reuse"-after-free and type confusion. These errors account for many of the exploits in programs implemented in such unsafe languages. Most bug detection tools (sanitizers) tend to focus on detecting only specific classes of errors, e.g. only bounds overflow or only type confusion. In this paper, we present a new type confusion and memory error sanitizer based on dynamically checking the "effective type" (a.k.a. the dynamic type) of C/C++ objects at runtime. We show that this "effective type sanitizer" (EffectiveSan) can detect the memory misuse errors mentioned above, all while using the same underlying methodology (dynamic typing). Our approach uses a combination of low-fat pointers, type metadata and type check instrumentation. We also present a novel approach to preventing sub-object bounds overflow errors that leverages the C/C++ types. We show that EffectiveSan finds type confusion, (sub-)object bounds overflow, and use-after-free bugs in the SPEC2006 benchmark suite.
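
The C sketch below is an added illustration, not code from the paper or from EffectiveSan: a toy model of an effective-type check in which a pointer's static type is matched against per-allocation type metadata and the access is then bounded by the matching sub-object. The type `struct account`, the metadata layout, the function names and the modelling of a freed object as a special `T_FREE` type are all assumptions made for the example, and the low-fat pointer lookup that would locate the metadata is not modelled.

```c
#include <stddef.h>

/* Constructed sample type; not taken from the paper. */
struct account { int id[4]; float balance; };

typedef enum { T_FREE, T_INT, T_FLOAT, T_ACCOUNT } type_id;
typedef enum { ACCESS_OK, ERR_TYPE, ERR_BOUNDS, ERR_FREE } verdict;

/* One (sub-)object of type `type` occupying bytes [lo, hi) of the allocation. */
typedef struct { type_id type; size_t lo, hi; } layout_entry;

/* Type metadata for struct account: the whole object plus its two members. */
static const layout_entry account_layout[] = {
    { T_ACCOUNT, 0, sizeof(struct account) },
    { T_INT,   offsetof(struct account, id),
               offsetof(struct account, id) + sizeof(int[4]) },
    { T_FLOAT, offsetof(struct account, balance),
               offsetof(struct account, balance) + sizeof(float) },
};

/* Per-allocation record binding the object to its effective type. */
typedef struct { type_id effective; const layout_entry *layout; size_t n; } alloc_meta;

alloc_meta alloc_account(void) { return (alloc_meta){ T_ACCOUNT, account_layout, 3 }; }

/* Freeing rebinds the allocation to the FREE type, so later checks fail. */
void free_object(alloc_meta *m) { m->effective = T_FREE; }

/* Check a pointer of static type `want` derived at byte offset `ptr_off`,
 * then an access of `size` bytes at `access_off` after pointer arithmetic. */
verdict check_access(const alloc_meta *m, size_t ptr_off, type_id want,
                     size_t access_off, size_t size) {
    if (m->effective == T_FREE) return ERR_FREE;
    for (size_t i = 0; i < m->n; i++) {
        const layout_entry *e = &m->layout[i];
        if (e->type != want || ptr_off < e->lo || ptr_off >= e->hi) continue;
        /* Type matches: the bounds are those of the matching sub-object. */
        if (access_off < e->lo || access_off + size > e->hi) return ERR_BOUNDS;
        return ACCESS_OK;
    }
    return ERR_TYPE; /* no sub-object of the static type here: type confusion */
}

int main(void) {
    alloc_meta m = alloc_account();
    /* int* into id[], then p[4]: inside the object, outside the sub-object. */
    return check_access(&m, 0, T_INT, 4 * sizeof(int), sizeof(int)) == ERR_BOUNDS ? 0 : 1;
}
```

The `id[4]` access lands on `balance`, which is still inside the allocation, so a check against whole-object bounds would accept it; only the bounds narrowed to the `int[4]` member reject it.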
