Temporal memory safety bugs, especially use-after-free and double free bugs, pose a major security threat to C programs. Real-world exploits utilizing these bugs enable attackers to read and write arbitrary memory locations, causing disastrous violations of confidentiality, integrity, and availability. Many previous solutions retrofit temporal memory safety to C, but they all either incur high performance overhead, miss detecting certain types of temporal memory safety bugs, or both. In this paper, we propose a temporal memory safety solution that is both efficient and comprehensive. Specifically, we extend Checked C, a spatially-safe extension to C, with temporally-safe pointers. These are implemented by combining two techniques: fat pointers and dynamic key-lock checks. We show that the fat-pointer solution significantly improves running time and memory overhead compared to the disjoint-metadata approach that provides the same level of protection. With empirical program data and hands-on experience porting real-world applications, we also show that our solution is practical in terms of backward compatibility, one of the major complaints about fat pointers.
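To make the combination of fat pointers and dynamic key-lock checks concrete, here is an added illustration written for this page; it is not code from the paper or from Checked C, and the struct layout, pool size, field names and error codes are assumptions chosen for the example. Each allocation is issued a fresh key and a lock slot that holds that key while the object is live; the fat pointer carries the key and the lock address alongside the object address and size. Freeing clears the lock, so every copy of the pointer fails the key-lock comparison afterwards, which catches use-after-free and double free without tracking individual pointer copies. Lock slots are recycled, but because keys are never reused a stale pointer keeps failing even when a new object gets the same slot (and possibly the same address).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative fat pointer carrying spatial and temporal metadata.
 * The layout and field names are assumptions made for this example,
 * not Checked C's representation. */
typedef struct {
    unsigned char *ptr;   /* object base address */
    size_t         size;  /* object size, for the bounds check */
    uint64_t       key;   /* key issued to this allocation */
    uint64_t      *lock;  /* lock slot that holds the key while the object is live */
} tptr_t;

#define LOCK_SLOTS 1024          /* illustrative fixed pool size */
#define LOCK_FREED 0ULL          /* lock value after free; key 0 is never issued */

/* Lock slots live in a pool that is never freed, so a stale pointer's lock
 * can always be read safely; slots are recycled through a small free list. */
static uint64_t lock_pool[LOCK_SLOTS];
static size_t   free_slots[LOCK_SLOTS];
static size_t   n_free    = 0;
static size_t   next_slot = 0;
static uint64_t next_key  = 1;   /* keys are never reused */

/* Allocate n bytes and bind a fresh key/lock pair to the resulting pointer. */
tptr_t tmalloc(size_t n) {
    tptr_t p = { NULL, 0, 0, NULL };
    size_t slot;
    if (n_free > 0)                  slot = free_slots[--n_free];
    else if (next_slot < LOCK_SLOTS) slot = next_slot++;
    else                             return p;   /* pool exhausted */
    p.ptr = malloc(n);
    if (p.ptr == NULL) { free_slots[n_free++] = slot; return p; }
    p.size  = n;
    p.key   = next_key++;
    p.lock  = &lock_pool[slot];
    *p.lock = p.key;                /* object becomes live */
    return p;
}

/* The dynamic key-lock check: the pointer is live only while its lock
 * still holds the key it was issued. A recycled slot holds a different
 * key, so copies of the old pointer keep failing this test. */
int tptr_valid(const tptr_t *p) {
    return p->ptr != NULL && p->lock != NULL && *p->lock == p->key;
}

/* Free through the fat pointer. A failed check here is a double free (or a
 * free of a pointer that was never valid); clearing the lock invalidates
 * every copy of the pointer at once. Returns 0 on success, -1 on failure. */
int tfree(tptr_t *p) {
    if (!tptr_valid(p)) return -1;
    *p->lock = LOCK_FREED;
    free_slots[n_free++] = (size_t)(p->lock - lock_pool);
    free(p->ptr);
    return 0;
}

/* Checked byte store: -1 on use-after-free, -2 on out-of-bounds, 0 on success. */
int tptr_store(tptr_t *p, size_t off, unsigned char v) {
    if (!tptr_valid(p)) return -1;
    if (off >= p->size) return -2;
    p->ptr[off] = v;
    return 0;
}

/* Checked byte load with the same error codes; the byte is written to *out. */
int tptr_load(const tptr_t *p, size_t off, unsigned char *out) {
    if (!tptr_valid(p)) return -1;
    if (off >= p->size) return -2;
    *out = p->ptr[off];
    return 0;
}

int main(void) {
    tptr_t a = tmalloc(16);
    tptr_t alias = a;                       /* a second copy of the same pointer */
    printf("store into live object: %d\n", tptr_store(&a, 0, 'x'));
    printf("free: %d\n", tfree(&a));
    printf("store through stale alias: %d\n", tptr_store(&alias, 0, 'y'));
    printf("second free through alias: %d\n", tfree(&alias));
    tptr_t c = tmalloc(16);                 /* reuses the lock slot, possibly the address */
    printf("stale alias still valid after reallocation? %d\n", tptr_valid(&alias));
    printf("new object valid? %d\n", tptr_valid(&c));
    tfree(&c);
    return 0;
}
```

The check is a single load and compare per dereference, which is where the efficiency argument for keeping the key and lock address inside the pointer comes from: a disjoint-metadata design would first have to look the metadata up from the raw address. The cost is the wider pointer, which is exactly the backward-compatibility concern the abstract raises.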