Automated Generation of Buffer Overflow Quick Fixes Using Symbolic Execution and SMT

In many C programs, debugging requires significant effort and can consume a lot of time. Even if the bug’s cause is known, detecting a bug in such programs and generating a bug fix patch manually is a tedious task. In this paper, we present a novel approach used to generate bug fixes for buffer overflow automatically using static execution, code patch patterns, quick fix locations, user input saturation and Satisfiability Modulo Theories (SMT). The generated patches are syntactically correct, can be semi-automatically inserted into code and do not need additional human refinement. We evaluated our approach on 58C open source programs contained in the Juliet test suite and measured an overhead of 0.59% with respect to the bug detection time. We think that our approach is generalizable and can be applied with other bug checkers that we developed.