Sanitize, Fuzz, and Harden Your C++ Code

Explore dynamic testing tools for C and C++ in this 20-minute conference talk from USENIX Enigma 2016. Dive into the Sanitizers family, including AddressSanitizer, which detect various bugs through compile-time instrumentation. Learn about libFuzzer for in-process control- and data-flow guided fuzzing to improve test coverage. Discover security hardening techniques for production binaries, such as Control Flow Integrity and Safe Stack, to protect against memory corruption and stack buffer overflows. Gain insights into detecting and mitigating issues like use-after-free, buffer overflows, data races, uninitialized memory usage, and integer overflows in both user space and kernel applications.

Introduction
Bugs
Traditional Memory Corruption
Buffer Overflow
Link Time Optimization
Stack Buffer Overflow
Stack Buffer Overflow Mitigation
Safe Stack
Linux Kernel
Conclusion