Memory leak is a common software vulnerability that can decrease the reliability of an application and,in severe cases,even cause program crashes.If there are intentionally triggerable memory leak vulnerabilities in a...Memory leak is a common software vulnerability that can decrease the reliability of an application and,in severe cases,even cause program crashes.If there are intentionally triggerable memory leak vulnerabilities in a program,attackers can exploit these bugs to launch denial-of-service attacks or induce the program to exhibit unexpected behaviors due to low memory conditions.Existing fuzzing techniques primarily focus on improving code coverage,and specialized fuzzing techniques for individual memory-related defects like uncontrolled memory allocation do not address memory leak vulnerabilities.MemLock is the first fuzzing technique to address memory consumption vulnerabilities including memory leakage.However,the coverage-centric guidance mechanism of MemLock introduces a degree of aimlessness in the testing process,that results in low seed quality and slow bug exposure speed.To address this issue,we propose a risk areas guidance-based fuzzing technique called RBZZER.First,RBZZER retains MemLock’s memory consumption-guided mechanism and introduces a novel distance-guided approach to expedite the arrival of fuzzing at the potential memory areas.Second,we introduce a new seed scheduling strategy called risk areas-based seed scheduling,which classifies seeds based on potential memory leak areas in the program and further schedules them,thereby effectively improving the efficiency of discovering memory leak vulnerabilities.Experiments demonstrate that RBZZER outperforms the state-of-the-art fuzzing techniques by finding 52%more program unique crashes than the second-best counterpart.In particular,RBZZER can discover the amount of memory leakage at least 112%more than the other baseline fuzzers.Besides,RBZZER detects memory leaks at an average speed that is 9.10x faster than MemLock.展开更多
基金supported by the National Key R&D Program of China(No.2021YFB3101803).
文摘Memory leak is a common software vulnerability that can decrease the reliability of an application and,in severe cases,even cause program crashes.If there are intentionally triggerable memory leak vulnerabilities in a program,attackers can exploit these bugs to launch denial-of-service attacks or induce the program to exhibit unexpected behaviors due to low memory conditions.Existing fuzzing techniques primarily focus on improving code coverage,and specialized fuzzing techniques for individual memory-related defects like uncontrolled memory allocation do not address memory leak vulnerabilities.MemLock is the first fuzzing technique to address memory consumption vulnerabilities including memory leakage.However,the coverage-centric guidance mechanism of MemLock introduces a degree of aimlessness in the testing process,that results in low seed quality and slow bug exposure speed.To address this issue,we propose a risk areas guidance-based fuzzing technique called RBZZER.First,RBZZER retains MemLock’s memory consumption-guided mechanism and introduces a novel distance-guided approach to expedite the arrival of fuzzing at the potential memory areas.Second,we introduce a new seed scheduling strategy called risk areas-based seed scheduling,which classifies seeds based on potential memory leak areas in the program and further schedules them,thereby effectively improving the efficiency of discovering memory leak vulnerabilities.Experiments demonstrate that RBZZER outperforms the state-of-the-art fuzzing techniques by finding 52%more program unique crashes than the second-best counterpart.In particular,RBZZER can discover the amount of memory leakage at least 112%more than the other baseline fuzzers.Besides,RBZZER detects memory leaks at an average speed that is 9.10x faster than MemLock.
