Memory corruption diagnosis, especially at the binary level where all high-level program abstractions are missing, is a tedious and time-consuming task. Given a crash, memory corruption diagnosis is expected to not only locate the root cause of the vulnerability, but also deliver rich semantics to understand the vulnerability. However, existing techniques can barely satisfy the above requirements. In this article, we present MemRay, a dynamic memory corruption diagnosis technique. The insight behind our approach is that most memory corruption is caused by malformed inputs, which further leads the vulnerable program to manipulate inputs by referencing invalid data structures. We design the “data structure reference sequence” to characterize how a program references various data structures to manipulate program inputs. Then, we identify memory corruptions by detecting violations in the input manipulations via data structures. We demonstrate the effectiveness of MemRay on a wide range of memory-corruption vulnerabilities. The result shows that MemRay precisely locates the root cause of vulnerabilities. Moreover, the “data structure reference” enables MemRay to deliver rich semantics and context information to assist vulnerability diagnosis on binary code.
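As an added illustration (not code from the paper or the MemRay implementation), the following toy model shows the idea behind a data structure reference sequence: a simulated parser records which structure field each input byte is consumed through, and diagnosis reports the first reference that falls outside its field's layout, together with the structure and field semantics. The layouts, the record format, the inputs and all names are constructed for this example.

```python
"""Toy model of diagnosis via a data structure reference sequence."""
from dataclasses import dataclass
from typing import List, Optional

# Data structures the simulated program uses to interpret its input
# (field name -> size in bytes). Constructed for this example.
LAYOUTS = {
    "hdr": {"magic": 2, "len": 1},  # input header: 2-byte magic, 1-byte length
    "buf": {"data": 8},             # fixed 8-byte copy target inside the program
}

@dataclass(frozen=True)
class Ref:
    struct: str   # data structure the input byte is interpreted through
    field: str    # field within that structure
    off: int      # byte offset inside the field
    in_pos: int   # position of the consumed input byte

def run_program(data: bytes) -> List[Ref]:
    """Simulate the parser and record every input-to-structure reference."""
    trace, pos = [], 0
    for field, size in LAYOUTS["hdr"].items():
        for off in range(size):
            trace.append(Ref("hdr", field, off, pos))
            pos += 1
    n = data[2]  # length field, trusted by the (vulnerable) program
    for off in range(n):  # copies n bytes into the 8-byte buffer
        if pos >= len(data):
            break
        trace.append(Ref("buf", "data", off, pos))
        pos += 1
    return trace

def find_violation(trace: List[Ref]) -> Optional[Ref]:
    """Return the first reference that falls outside its field's layout."""
    for ref in trace:
        if ref.off >= LAYOUTS[ref.struct][ref.field]:
            return ref
    return None

def diagnose(data: bytes) -> Optional[str]:
    """Root-cause report with structure semantics, or None if no violation."""
    v = find_violation(run_program(data))
    if v is None:
        return None
    return (f"root cause: input byte {v.in_pos} referenced as "
            f"{v.struct}.{v.field}[{v.off}], beyond field size "
            f"{LAYOUTS[v.struct][v.field]}")

BENIGN = b"\x4d\x52\x04" + b"ABCD"          # len=4, fits the buffer
MALFORMED = b"\x4d\x52\x14" + b"A" * 20     # len=20, overruns the buffer
```

Running `diagnose(MALFORMED)` names the exact input byte and the structure field through which it was misused, which is the kind of context a crash address alone does not give.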