格式化字符串漏洞自动检测与测试用例生成.

The format string vulnerability is a kind of software vulnerability which has high risk and wide impact. Currently, there are many limitations of vulnerability detection method, such as high degree of artificial dependence, high false positive rate, single detection model and failing to consider the characteristics of the format string vulnerability fully. To solve above problems, this paper analyzed the format string vulnerability. Based on symbolic execution, the paper designed and produced a way to detect formatted string vulnerability and generate test cases automatically. This method detected the existence of the format string vulnerability in Linux binary program automatically and determined whether it could lead to harm, which allowed attackers to read or write arbitrary memory. Meanwhile it generated stable and effective test cases. [ABSTRACT FROM AUTHOR]