
Apparatus for String Overflow Exploitability Verification Using Static Analysis

IP.com Disclosure Number: IPCOM000201330D
Publication Date: 2010-Nov-11
Document File: 3 page(s) / 37K

Publishing Venue

The IP.com Prior Art Database

Abstract

An apparatus is configured to reduce false positives among the string overflow issues flagged by a static source code analysis tool. The apparatus produces a list of confirmed exploitable string overflow issues by performing taint analysis and overlapping its results with the string overflow analysis results generated by the static source code analysis tool.
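One way to read the overlap described in the abstract, as an added example that is not code from the disclosure or from Symantec: a flow-sensitive taint pass over a program, followed by a filter that keeps only the overflow findings whose copied-from operand is tainted at the sink. The straight-line IR, the `Stmt` fields, the finding ids and the sample program are all constructed assumptions.

```python
from typing import NamedTuple

class Stmt(NamedTuple):          # hypothetical IR for this illustration
    line: int
    op: str                      # "input" | "const" | "assign" | "strcpy"
    dst: str
    src: str = ""

def tainted_at_each_line(program):
    """Forward, flow-sensitive taint propagation over straight-line code.
    Returns {line: variables tainted just before that line executes}."""
    tainted, before = set(), {}
    for s in program:
        before[s.line] = set(tainted)
        if s.op == "input":                  # taint source: external data
            tainted.add(s.dst)
        elif s.op == "const":                # overwritten by a literal
            tainted.discard(s.dst)
        elif s.op in ("assign", "strcpy"):   # data flows src -> dst
            if s.src in tainted:
                tainted.add(s.dst)
            else:
                tainted.discard(s.dst)
    return before

def confirm_exploitable(findings, program):
    """Overlap step: keep overflow findings whose source operand is tainted."""
    before = tainted_at_each_line(program)
    stmts = {s.line: s for s in program}
    return [f for f in findings
            if f["line"] in stmts and stmts[f["line"]].src in before[f["line"]]]

# Constructed sample program (comments show the C-like statement modelled).
PROGRAM = [
    Stmt(10, "input", "req"),              # req = <network input>
    Stmt(11, "const", "banner"),           # banner = "hello"
    Stmt(12, "assign", "name", "req"),     # name = req
    Stmt(13, "strcpy", "buf1", "name"),    # strcpy(buf1, name)
    Stmt(14, "strcpy", "buf2", "banner"),  # strcpy(buf2, banner)
    Stmt(15, "const", "name"),             # name = "guest"
    Stmt(16, "strcpy", "buf3", "name"),    # strcpy(buf3, name)
]
# Constructed static-analyzer output: every strcpy flagged as a string overflow.
FINDINGS = [{"id": "SO-1", "line": 13}, {"id": "SO-2", "line": 14},
            {"id": "SO-3", "line": 16}]

if __name__ == "__main__":
    for f in confirm_exploitable(FINDINGS, PROGRAM):
        print(f["id"], "at line", f["line"], "has a tainted source operand")
```

Of the three flagged copies, only the one fed by external input survives the filter; the copy from a literal and the copy made after `name` is overwritten are treated as false positives.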

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 54% of the total text.


Komal Randive

Symantec Corporation


Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. For a full list of Symantec trademarks, please visit http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp



Problem Statement

The static source code analysis tool flags a large number of issues in the source code.  Most...