Memory Corruption in Delphi

  • Our Team and Code Review: Include Security's team is often asked to examine C and C++ applications because those languages lack memory safety, and reviewing such code means identifying missing bounds checks and similar defects. The NSA's 2023 paper listed Delphi/Object Pascal as "memory safe", but with a caveat. The team wanted to demonstrate memory management issues in Delphi and provide tips.
  • What Is Delphi: Delphi is a set of development tools and a dialect of Object Pascal. It was originally by Borland and is now by Embarcadero. Lazarus is a free, open source IDE that uses Free Pascal and aims to be Delphi-compatible. Delphi is still used by some important companies.
  • Memory Corruption and Safety: Delphi is claimed to be memory-safe, but in practice its memory safety is similar to C++'s: it supports arbitrary untyped pointers and unsafe pointer arithmetic. The examples show how memory corruption can lead to vulnerabilities.

    • Stack-Based Buffer Overflow: The team wrote a simple stack buffer overflow in Delphi. In debug mode, bounds checking catches the overflow; in release mode, without bounds checking, the code overwrites the return address. Tips include considering enabling the "Runtime errors" flags in release mode as well. Some system library routines, such as System.FillChar, are dangerous because they take a caller-supplied length with no relation to the destination's real size.
    • The Heap and Use After Free: The examples show heap-based vulnerabilities. In one, a string's memory is freed and then reallocated, leading to information disclosure. In another, an object's memory is freed and then reused, resulting in a use-after-free vulnerability.
  • Conclusion: These examples just scratch the surface. Suggestions for Delphi developers include avoiding dangerous routines, enabling "Runtime errors" flags, being cautious with dynamic object creation and freeing, initializing allocated memory, and not assuming Delphi is inherently safer. Appendix shows the code in Unit1.pas.
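As an added example (not code from the Include Security post or its Unit1.pas), the two defensive tips above side by side: a FillChar wrapper that validates the caller's length against the real buffer size, and FreeAndNil instead of Free so a stale object reference fails loudly rather than reading reused heap memory. The TBuf, TSession, UnsafeFill and SafeFill names are assumptions for illustration.

```delphi
program SafeBuffers;
{$APPTYPE CONSOLE}
{$RANGECHECKS ON}     // keep "Runtime errors" checks on in release builds too
{$OVERFLOWCHECKS ON}

uses
  System.SysUtils;

type
  TBuf = array[0..15] of Byte;     // constructed 16-byte stack buffer

// Dangerous pattern: FillChar trusts the caller's length completely.
// Len > SizeOf(Buf) silently overwrites whatever sits beyond Buf on the stack.
procedure UnsafeFill(var Buf: TBuf; Len: Integer);
begin
  FillChar(Buf, Len, $41);
end;

// Hardened pattern: check Len against the destination's real size first.
procedure SafeFill(var Buf: TBuf; Len: Integer);
begin
  if (Len < 0) or (Len > SizeOf(Buf)) then
    raise ERangeError.CreateFmt('length %d exceeds %d-byte buffer',
      [Len, SizeOf(Buf)]);
  FillChar(Buf, Len, $41);
end;

type
  TSession = class
    Token: string;
  end;

var
  Buf: TBuf;
  S: TSession;
begin
  UnsafeFill(Buf, SizeOf(Buf));    // correct length works; nothing enforces it
  try
    SafeFill(Buf, 32);             // oversized length is rejected, not written
  except
    on E: ERangeError do Writeln('rejected: ', E.Message);
  end;

  S := TSession.Create;
  S.Token := 'constructed-secret';
  // S.Free alone leaves S pointing at released memory; a later S.Token read
  // returns whatever the heap reused the block for (the disclosure case above).
  FreeAndNil(S);                   // reference is cleared, stale use now fails
  if Assigned(S) then
    Writeln(S.Token)
  else
    Writeln('session already released');
end.
```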