Practical Integer Overflow Prevention

Integer overflows in commodity software are a main source for software bugs, which can result in exploitable memory corruption vulnerabilities and may eventually contribute to powerful software based exploits, i.e., code reuse attacks (CRAs). In this paper, we present INTGUARD, a symbolic execution based tool that can repair integer overflows with high-quality source code repairs. Specifically, given the source code of a program, INTGUARD first discovers the location of an integer overflow error by using static source code analysis and satisfiability modulo theories (SMT) solving. INTGUARD then generates integer multiprecision code repairs based on modular manipulation of SMT constraints as well as an extensible set of customizable code repair patterns. We evaluated INTGUARD with 2052 C programs (≈1 Mil. LOC) available in the currently largest open-source test suite for C/C++ programs and with a benchmark containing large and complex programs. The evaluation results show that INTGUARD can precisely (i.e., no false positives are accidentally repaired), with low computational and runtime overhead repair programs with very small binary and source code blow-up. In a controlled experiment, we show that INTGUARD is more time-effective and achieves a higher repair success rate than manually generated code repairs.