A first step in a known method to breach security of a computer is to provide data to an application running on the computer, wherein the data provided results in the application making a request for a memory allocation. Frequently, such applications are forward-facing, e.g. the applications are configured for contacting other computers via the Internet, which provides opportunities for such data to be provided. In particular, the data provided to the application typically results in calculations by the application, which determine an appropriate size of the memory allocation request and subsequently copying of the provided data to that allocated area. A copy into a too-small area can breach the security of the machine. Accordingly, a goal of those trying to breach the security is to cause the calculation of the size of the memory allocation request to result in an integer overflow, thereby truncating the size of the memory request. Where this goal is accomplished, a memory allocation request may be made by the application to the operating system that is much smaller than appropriate. Accordingly, a buffer created using the memory allocation is actually much smaller than it is understood by the application to be, and buffer overrun of the small allocation may result. Such a buffer overrun potentially puts malicious executable code into an executable location.
As a result, attempts are made to rigorously test applications, so that buffer overruns are prevented. Testing applications may be integrated with the tested application, performing what may be called “fuzzing,” i.e. a process by which different input data is sequentially fed to the application to see if the application handles the data without failure. In particular, testing procedures involve repeatedly providing test data to applications, thereby testing the calculations of memory size allocations under a variety of conditions. For example, where the application is an Internet browsing application, a variety of different web pages may be provided as a test of the application's ability to avoid buffer overrun conditions. However, potentially damaging data, in which input to the application results in a buffer overrun, is difficult to determine by what is essentially a trial-and-error method.
Fortunately, for reasons of computer security and operability generally, integer overflows occur only in rare circumstances. However, this infrequency means that testing for integer overflow conditions is very difficult; the input must create extremely unlikely circumstances. As a result, many security problems are revealed only after the application within which the problems arose has been used extensively by consumers. If the problem is known to hackers, then it may be used to introduce malicious executable code into the system.
Accordingly, a need exists for better ways to test and/or operate software, and in particular, to reduce and/or eliminate security breaches.