Statically detect invalid pointer dereference vulnerabilities in binary software

The invalid pointer dereference vulnerabilities exist in binary software result from inadequate security check, and these vulnerabilities can be grouped by specific characteristics. In this paper, we have extracted three typical invalid pointer dereference vulnerability patterns from real-world vulnerabilities, and then we put forward a novel method to detect these vulnerabilities for binary software which builds upon pattern-matched static analysis. We also implemented our prototype system and the evaluation results show that our detection method can detect the invalid pointer dereference vulnerabilities that exist in binary software effectively.