A preliminary study on common programming mistakes that lead to buffer overflow vulnerability

Giovanni George, Jeremiah Kotey, Megan Ripley, Kazi Zakia Sultana, Zadia Codabux

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

Abstract

When vulnerabilities are exploited, the impact can be insignificant or detrimental, depending on the attack’s nature. Research found that buffer overflow is one of the most widespread and frequently reported vulnerabilities that result in system crashes. This study investigates the frequent errors in the source code of production software that lead to buffer overflow such that its causes can be determined. The findings of the study can help guide developers to avoid these programming errors. Therefore, our study’s primary objective is to analyze vulnerable code components of software repositories and extract the developers’ frequent programming mistakes that have resulted in a buffer overflow attack. Sixteen vulnerable code components and relevant resolutions were selected from three popular and well-known systems: Android, Eclipse, and Red Hat, to be analyzed. The results show that lack of input sanitization, improper checking of array bounds and parameters, and the lack of value and range checks on variables are the most common programming issues that lead to a buffer overflow in these systems. We also found improper use of “If” and “While” loop conditions frequently contributed to the errors in bounds and variable checks.

Original language: English
Title of host publication: Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021
Editors: W. K. Chan, Bill Claycomb, Hiroki Takakura, Ji-Jiang Yang, Yuuichi Teranishi, Dave Towey, Sergio Segura, Hossain Shahriar, Sorel Reisman, Sheikh Iqbal Ahamed
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1375-1380
Number of pages: 6
ISBN (Electronic): 9781665424639
State: Published - Jul 2021
Event: 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021 - Virtual, Online, Spain
Duration: 12 Jul 2021 to 16 Jul 2021

Publication series

Name: Proceedings - 2021 IEEE 45th Annual Computers, Software, and Applications Conference, COMPSAC 2021

Conference

Conference: 45th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2021
Country/Territory: Spain
City: Virtual, Online
Period: 12/07/21 to 16/07/21

Keywords

  • Buffer overflow
  • Programming mistakes
  • Software vulnerability
