Home >Operation and Maintenance >Safety >How to implement vulnerability analysis caused by use after release of C++ program
When dynamically allocated memory is released, the content of the memory is uncertain and may remain intact and accessible, because when it is re- It is the memory manager's decision to allocate or deallocate a freed memory block, but it is possible that the contents of that memory have been changed, causing unexpected program behavior. Therefore, when the memory is released, it is guaranteed that it will no longer be written to or read from.
Problems caused by improper memory management are common vulnerabilities in C/C programs. Use after free can lead to potential exploitable risks, including abnormal program termination, arbitrary code execution, and denial of service attacks. From January to November 2018, there were a total of 134 vulnerability information related to it in CVE. Some of the vulnerabilities are as follows:
Vulnerability Overview | |
---|---|
A use-after-free vulnerability exists in the Artifex Mupdf version of fz_keep_key_storable that could lead to a denial of service or code execution issue. The vulnerability could be exploited by tricking a victim into opening a specially crafted PDF file. | |
There is a use-after-free vulnerability in the HTMLImportsController of the Blink engine in versions prior to Google Chrome 70.0.3538.67, which is likely to lead to remote attacks The author exploits the heap corruption issue through a specially constructed HTML page. | |
A release exists in Adobe Acrobat and Reader 2018.011.20063 and earlier versions, 2017.011.30102 and earlier versions, 2015.006.30452 and earlier versions Later use of vulnerabilities. A remote attacker could exploit this vulnerability to execute arbitrary code. |
(1) Be sure to set a null pointer when releasing memory. Although this method has limited effectiveness for utilizing multiple or complex data structures, But some problems can be avoided to a certain extent. (2) When allocating or releasing memory in a loop statement, you need to carefully confirm whether there is a problem. (3) Use source code static analysis tools for automated detection, which can effectively discover post-release usage issues in the source code.
The above is the detailed content of How to implement vulnerability analysis caused by use after release of C++ program. For more information, please follow other related articles on the PHP Chinese website!