Title of invention: System and method for protection from buffer overflow vulnerability due to placement new constructs in C++
Abstract: Systems and methods for protection from buffer overflow vulnerability due to placement new constructs in C++ are provided. A system for protecting from buffer overflow vulnerability due to placement new constructs, comprises a compiler which is capable of receiving a program including a placement new instruction, and runtime which is capable of receiving binary code from the compiler and determining whether the program includes the placement new instruction and whether the placement new instruction would lead to buffer overflow, wherein the runtime is linked to a library including methods for preventing the buffer overflow, and selects a method for preventing the buffer overflow if the runtime determines that the placement new instruction would lead to the buffer overflow.
Publication number: US9081966(B2)   Publication date: 2015.07.14
Application number: US201213723570   Filing date: 2012.12.21
Applicant: International Business Machines Corporation   Inventors: Christodorescu Mihai;Kundu Ashish;Mohindra Ajay
Classification: G06F21/52;G06F21/57   Main classification: G06F21/52
Agency: Ryan, Mason & Lewis, LLP   Agent: Percello Louis J.;Ryan, Mason & Lewis, LLP
Principal claim: 1. A method for protecting from buffer overflow vulnerability due to placement new constructs, the method comprising: detecting whether there is an instruction in a program which would lead to buffer overflow; checking whether the instruction is a placement new instruction which would result in an object overwriting contents in a memory area; selecting a method for preventing the buffer overflow if the instruction is the placement new instruction which would result in the object overwriting the contents in the memory area, wherein the selected method prevents the buffer overflow from occurring by controlling an allocation of the object to permit placement of the object in one or more memory regions; wherein the selection of the method is based on at least one predetermined policy; wherein the selected method is selected from at least a first method and a second method; wherein the first method takes into consideration that a given execution of the program will not reach all parts of the object and comprises: populating a portion of the memory area allocated by the placement new instruction with less than a total of the object; and populating a remaining space of the memory area originally allocated to a remaining portion of the total of the object with a first handler routine; and wherein the second method comprises: allocating portions of the object to respective memory regions, wherein the respective memory regions are in different systems; and invoking a second handler routine if enough free space is not available to accommodate the total of the object.
Address: Armonk NY US