Fast Fuzzing for Memory Errors

by Jinsheng Ba, et al.

Greybox fuzzing is a proven and effective testing method for detecting security vulnerabilities and other bugs in modern software systems. It can also be combined with a sanitizer, such as AddressSanitizer (ASAN), to improve the detection of certain classes of bug, such as buffer overflows and use-after-free errors. However, sanitizers introduce additional performance overhead, which degrades fuzzing throughput (measured at around 2.36x for fuzzing with ASAN) and can negate the benefit of using a sanitizer in the first place. Recent research attributes this extra overhead to the additional page faults generated when the sanitizer's disjoint metadata is accessed at runtime. In this paper, we present a new design that detects memory errors without a proliferation of page faults. The basic idea is to track memory validity using randomized tokens stored directly in the memory itself, rather than in disjoint metadata. All read/write operations are instrumented to check for the token; if the token is present, a memory error is detected. We implement our design as ReZZan, a sanitizer specifically optimized for fuzz testing. Since there is no disjoint metadata access, no additional page faults are generated, and the performance overhead is reduced to around 1.14-1.27x (depending on the configuration).
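To make the token idea concrete, the following is an added toy model written for this page; it is not ReZZan's implementation and every name in it (`rezzan_init`, `tok_malloc`, `tok_free`, `tok_check`, `demo`) is hypothetical. It assumes a 64-bit token chosen once per run, a single token-sized redzone after each object, and that freed memory is quarantined rather than reused, so the token stays in place. The point it shows is the one the abstract makes: validity is decided by looking at the accessed memory itself, so the instrumented check never touches a separate shadow region.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (not ReZZan's code) of token-based validity tracking: a
 * randomized 64-bit token is written into every byte range that must not
 * be touched (trailing redzones and freed objects), and every instrumented
 * access first checks whether the word(s) it touches still hold the token.
 * The token is compared in-line with the data, so no disjoint metadata is
 * read and no extra page is faulted in. */

#define TOKEN_BYTES   8
#define REDZONE_WORDS 1   /* assumption: one 8-byte token after each object */

static uint64_t token;    /* chosen once per process run */

static uint64_t pick_token(void) {
    uint64_t t = 0;
    for (int i = 0; i < 8; i++)
        t = (t << 8) | (uint64_t)(rand() & 0xff);
    return t;
}

void rezzan_init(unsigned seed) { srand(seed); token = pick_token(); }

/* Write the token into nwords consecutive 8-byte words starting at p. */
static void poison(void *p, size_t nwords) {
    uint8_t *b = p;
    for (size_t i = 0; i < nwords; i++)
        memcpy(b + i * TOKEN_BYTES, &token, TOKEN_BYTES);
}

/* Round n up to a multiple of 8 so the object ends on a token boundary
 * (this toy is word-granular: the padding bytes are not detected). */
static size_t round8(size_t n) { return (n + 7) & ~(size_t)7; }

void *tok_malloc(size_t n) {
    size_t body = round8(n ? n : 1);
    uint8_t *base = malloc(body + REDZONE_WORDS * TOKEN_BYTES);
    if (!base) return NULL;
    memset(base, 0, body);                   /* live object: no token inside */
    poison(base + body, REDZONE_WORDS);      /* trailing redzone carries token */
    return base;
}

/* Freeing re-poisons the whole object body. Assumption: the block is
 * quarantined (never returned to malloc), so a later use-after-free
 * still finds the token; the toy therefore never calls free(). */
void tok_free(void *p, size_t n) {
    size_t body = round8(n ? n : 1);
    poison(p, body / TOKEN_BYTES);
}

/* Instrumented access check: returns 1 if the access [p, p+size) is a
 * memory error, 0 otherwise. Every token-aligned word the access overlaps
 * is inspected, so an access that straddles the object boundary is caught.
 * A live word that happens to equal the token is a false positive with
 * probability 2^-64 per word. */
int tok_check(const void *p, size_t size) {
    if (size == 0) return 0;
    uintptr_t start = (uintptr_t)p & ~(uintptr_t)7;
    uintptr_t end   = ((uintptr_t)p + size - 1) & ~(uintptr_t)7;
    for (uintptr_t a = start; a <= end; a += TOKEN_BYTES) {
        uint64_t w;
        memcpy(&w, (const void *)a, TOKEN_BYTES);
        if (w == token) return 1;
    }
    return 0;
}

/* Worked scenario: an in-bounds access passes, a one-byte overflow past the
 * object is flagged, and a read after tok_free() is flagged.
 * Returns 1 when all three checks behave as expected. */
int demo(void) {
    rezzan_init(1234u);
    char *buf = tok_malloc(16);
    if (!buf) return 0;
    strcpy(buf, "hello");
    int in_bounds = tok_check(buf, 16);       /* 0: no token inside object */
    int overflow  = tok_check(buf + 16, 1);   /* 1: redzone word holds token */
    tok_free(buf, 16);
    int uaf       = tok_check(buf, 1);        /* 1: freed body holds token */
    return in_bounds == 0 && overflow == 1 && uaf == 1;
}

int main(void) {
    printf("token model behaves as expected: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

The check reads the same cache lines the program is about to use, which is why this scheme avoids the page faults that shadow-memory sanitizers pay for; the price is a small false-positive probability per word and, in this simplified form, no detection inside the alignment padding after the last live byte.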



