Abstract

Heap-based temporal vulnerabilities (i.e., use-after-free, double-free and null pointer dereference) are highly sensitive to heap operation (e.g., memory allocation, deallocation and access) sequences. To efficiently find such vulnerabilities, traditional code coverage-guided fuzzing solutions could be promoted by integrating heap operation sequence feedback. But current sequence sensitive solutions have limitations in practice.