As a kind of leak hidden in software, buffer overflow threatens software’s safety. Hackers can attack the software in order to control the system or steal secrets using this hole. According to statistics, this kind of leak using buffer overflow leak has already occupied more than half of the attack on internet. At first this article analyzes buffer overflow’s principle, then gives its fault model, at last puts forward code automatic detection algorithm based on static analysis. This paper lays a foundation for fault detection and prevention.% 缓冲区溢出作为系统或程序自身存在的一种漏洞对系统或软件安全造成了潜在威胁,黑客可以轻易利用这一漏洞进行攻击,以达到控制系统或窃取秘密的目的。据统计,利用缓冲区溢出漏洞进行的攻击已经占到了互联网攻击总数的一半以上。文章在对缓冲区溢出原理进行分析的基础上,给出了缓冲区溢出的故障模型,并提出了基于静态分析的代码自动检测算法,为故障发现及预防奠定了基础。
展开▼
