Track: Security and privacy
Keywords: WebAssembly, Memory bug, Undefined behavior, Sanitizer, Binary-only fuzzing
Abstract: With the advancement of WebAssembly, abbreviated as Wasm, various memory bugs and undefined behaviors have emerged, leading to security issues and discrepancies that affect usability and portability. Existing methods struggle to detect these problems in Wasm binaries due to challenges associated with binary instrumentation and the difficulty of defining legal memory bounds. While sanitizers combined with fuzzing are recognized as effective means for identifying memory bugs and undefined behaviors, current Wasm sanitizers necessitate compile-time instrumentation, rendering them unsuitable for practical scenarios where only binaries are accessible. In this paper, we propose WBSan, the first Wasm binary sanitizer, employing static analysis and Wasm binary instrumentation to detect memory bugs and undefined behaviors. We develop distinct instrumentation patterns tailored for each type of memory issue and introduce Wasm shadow memory to address complex memory bugs. Our results reveal that WBSan achieves a 16.8% false detection rate, outperforming current Wasm binary checkers and native sanitizers in detecting memory bugs and undefined behaviors. Furthermore, when compared with the binary-only fuzzer, WBSan uncovers more crashes (1,174 vs. 556) and achieves greater code coverage (162,385 vs. 22,237 unique search paths).
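The abstract's central point is that a Wasm engine only checks whether an access stays inside linear memory, so an overflow from one heap object into its neighbour is invisible to the engine, and that a shadow memory is needed to define finer-grained legal bounds. The following is an added conceptual illustration of that idea, not WBSan's code or the paper's instrumentation: it models a linear memory with one shadow byte per data byte, a bump allocator that surrounds each object with redzones (the allocator, the redzone width and the state encoding are all constructed assumptions), and an instrumented store/load that consults the shadow before touching memory. The `engine_bounds_check` function shows the coarse check an engine performs on its own, for contrast.

```python
"""Conceptual shadow-memory check for a Wasm-style linear memory.

Constructed illustration, not WBSan's implementation. Each byte of a
simulated linear memory has a shadow byte recording whether it may be
accessed. A malloc-like bump allocator marks the requested bytes as
addressable and places redzones around them; instrumented loads/stores
consult the shadow first, so an overflow that stays inside linear memory
(which the engine's own bounds check silently allows) is reported.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Shadow byte states (constructed encoding for this example).
ADDRESSABLE = 0
REDZONE = 1
FREED = 2


def engine_bounds_check(mem_size: int, addr: int, width: int) -> bool:
    """The only check a plain Wasm engine performs: is the access inside
    linear memory at all? Intra-heap overflows pass this test."""
    return 0 <= addr and addr + width <= mem_size


@dataclass
class ShadowMemory:
    size: int
    redzone: int = 8                 # bytes of padding around each object
    memory: bytearray = field(init=False)
    shadow: bytearray = field(init=False)
    brk: int = field(init=False, default=0)  # bump-allocator cursor

    def __post_init__(self) -> None:
        self.memory = bytearray(self.size)
        # Nothing is allocated yet, so every byte starts out unaddressable.
        self.shadow = bytearray([REDZONE]) * self.size

    def malloc(self, n: int) -> int:
        """Reserve n addressable bytes with a redzone before and after."""
        start = self.brk + self.redzone
        end = start + n
        if end + self.redzone > self.size:
            raise MemoryError("out of linear memory")
        self.shadow[start:end] = bytes([ADDRESSABLE]) * n
        self.brk = end + self.redzone
        return start

    def free(self, ptr: int, n: int) -> None:
        """Mark the object's bytes as freed so later accesses are flagged."""
        self.shadow[ptr:ptr + n] = bytes([FREED]) * n

    def check(self, addr: int, width: int, op: str) -> Optional[str]:
        """Return a diagnostic string if the access is illegal, else None."""
        if not engine_bounds_check(self.size, addr, width):
            return f"{op} of {width} bytes at {addr}: outside linear memory"
        for a in range(addr, addr + width):
            state = self.shadow[a]
            if state == REDZONE:
                return f"{op} of {width} bytes at {addr}: heap overflow at byte {a}"
            if state == FREED:
                return f"{op} of {width} bytes at {addr}: use-after-free at byte {a}"
        return None

    def store(self, addr: int, data: bytes) -> Optional[str]:
        """Instrumented store: consult the shadow, then write."""
        err = self.check(addr, len(data), "store")
        if err is None:
            self.memory[addr:addr + len(data)] = data
        return err

    def load(self, addr: int, width: int) -> Tuple[Optional[str], bytes]:
        """Instrumented load: returns (diagnostic or None, bytes read)."""
        err = self.check(addr, width, "load")
        if err is not None:
            return err, b""
        return None, bytes(self.memory[addr:addr + width])


def demo() -> Tuple[bool, Optional[str], Optional[str]]:
    """Run a constructed scenario: one 16-byte object, then a one-byte
    overflow and a use-after-free. Returns (engine_allows_overflow,
    overflow_report, uaf_report)."""
    sm = ShadowMemory(size=256)
    p = sm.malloc(16)
    assert sm.store(p, b"A" * 16) is None          # in-bounds write is fine
    engine_ok = engine_bounds_check(sm.size, p, 17)  # engine sees nothing wrong
    overflow = sm.store(p, b"A" * 17)              # shadow catches the overflow
    sm.free(p, 16)
    uaf, _ = sm.load(p, 4)                         # shadow catches the UAF
    return engine_ok, overflow, uaf


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The contrast is the point: `engine_bounds_check` returns True for the 17-byte write because it lands well inside the 256-byte linear memory, while the shadow lookup reports the single byte that spills into the redzone. A real binary sanitizer has to recover allocation boundaries from an unannotated binary, which is exactly the "legal memory bounds" problem the abstract names; this example sidesteps it by owning the allocator.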
Submission Number: 1523