[cfe-dev] Implementation of IO2BO Dynamic Checks
kremenek at apple.com
Sun Nov 27 10:59:33 CST 2011
I could be mistaken, but I'm not aware of this work (IntPath) being integrated into Clang mainline, nor efforts from the authors to push it into mainline at this time.
There's a general interest in having work like this pushed back to mainline if (a) the quality of the code is up the standard of the codebase and (b) the work will be maintained after the initial check-in.
On Nov 22, 2011, at 1:59 PM, Benjamin Schulz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi all,
> I noticed some recent research by Zhang et al on the insertion of
> dynamic checks for integer-overflow-to-buffer-overflow (IO2BO)
> vulnerabilities. It looks like Zhang et al's implementation already
> happens to use the LLVM framework, and I was wondering if any work has
> been done to incorporate a feature like this into the trunk of Clang.
> If so, could someone point me to where the code lives in the SVN tree?
> If not, is anyone out there on the list doing something similar as a
> Much thanks,
> - --Benjamin Schulz
> * * *
>  Zhang, Chao, Tielie Wang, Tao Wei, Yu Chen, and Wei Zou. "IntPath:
> Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at
> Compile-Time". ESORICS 2010.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
More information about the cfe-dev