Practical Integer Overflow Prevention
Paul Muntean, Jens Grossklags, Claudia Eckert

TL;DR
IntGuard is a tool that automatically detects and repairs integer overflows in C programs using static analysis and SMT solving, improving software security with minimal code changes.
Contribution
The paper introduces IntGuard, a novel tool that automates the detection and repair of integer overflows with high precision and efficiency, outperforming manual repairs.
Findings
Successfully repaired over 2000 C programs with minimal overhead.
Achieved higher repair success rate than manual fixes.
No false positives in overflow detection.
Abstract
Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks (CRAs). In this paper, we present IntGuard, a tool that can repair integer overflows with high-quality source code repairs. Specifically, given the source code of a program, IntGuard first discovers the location of an integer overflow error by using static source code analysis and satisfiability modulo theories (SMT) solving. IntGuard then generates integer multi-precision code repairs based on modular manipulation of SMT constraints as well as an extensible set of customizable code repair patterns. We have implemented and evaluated IntGuard with 2052 C programs (approx. 1 Mil. LOC) available in the currently largest open-source test suite for C/C++…
Taxonomy
Topics: Security and Verification in Computing · Software Testing and Debugging Techniques · Radiation Effects in Electronics
