资 源 简 介
Author
| Kristov Widak | Twitter: @krsec | E-mail: k [mylastname] [at] gmail.com |
|:--------------|:----------------|:----------------------------------------|
Description
A set of scripts that aims to speed up auditing C files manually for heap-based vulnerabilities.
FAQ:
1. How does this search for heap-based vulnerabilities?
It uses regular expressions to crudely parse through C code. Currently it only looks for problems that arise locally in a single function body. For example:
somefunc() { ... free(var); ... free(var);//double-free}
It does not compute a call-graph and therefore cannot detect bugs that span function calls. I have some aspirations to add this in the future to significantly improve its utility.
2. Why use regular