Extending Compiler-Based Security Checks for C Programs

Supervisor(s): Fabian Franzen, Julian Kirsch
Status: finished
Topic: Others
Author: Clemens Horn
Submission: 2020-05-15
Type of Thesis: Bachelor's thesis

Description

Numerous vulnerabilities in C programs arise from the error-prone need for manual memory management with the malloc routine. A plethora of tools aiming to automate bug finding has evolved, targeting different stages of compilation and different bug classes. This work gives an extensive overview of existing techniques and focuses on Symbolic Execution.

Arithmetic operations in arguments to malloc carry the risk of integer overflows, which may cause vulnerabilities. The Clang Static Analyzer is therefore extended to find more such dangerous calculations at a lower false positive rate. A notable improvement can be observed, yet this approach still has distinct limitations.
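
The kind of calculation the description refers to, shown as an added example that is not code from the thesis: size arithmetic in a malloc argument wrapping around, next to a wrapper that tests for overflow before computing the size. The `struct record` type and all function names are hypothetical, and the input value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed record type; sizeof is 64 on common ABIs. */
struct record { uint32_t id; char name[60]; };

/* Size expression as it would appear inside an unchecked
 * malloc(header + count * sizeof(struct record)) call.
 * Unsigned arithmetic wraps silently, so the result can be tiny. */
size_t unchecked_size(size_t count, size_t header)
{
    return header + count * sizeof(struct record);
}

/* Same computation with the overflow test done before any arithmetic.
 * Returns 0 and stores the size in *out, or -1 if it would not fit. */
int checked_size(size_t count, size_t header, size_t *out)
{
    if (count > (SIZE_MAX - header) / sizeof(struct record))
        return -1;
    *out = header + count * sizeof(struct record);
    return 0;
}

/* Allocation wrapper: refuses the request instead of under-allocating. */
void *alloc_records(size_t count, size_t header)
{
    size_t bytes;
    if (checked_size(count, header, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: smallest count whose product wraps
     * (to exactly 0 when sizeof(struct record) is 64). */
    size_t count = SIZE_MAX / sizeof(struct record) + 1;
    printf("unchecked request: %zu bytes for %zu records\n",
           unchecked_size(count, 16), count);
    printf("checked wrapper returned %p\n", alloc_records(count, 16));
    return 0;
}
```

With the unchecked expression, the allocation succeeds with far fewer bytes than the caller believes it has, so every later write indexed by `count` lands outside the buffer.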