WBSan: WebAssembly Bug Detection for Sanitization and Binary-Only Fuzzing

With the advancement of WebAssembly, abbreviated as Wasm, various memory bugs and undefined behaviors have emerged, leading to security issues that affect usability and portability. Existing methods struggle to detect these problems in Wasm binaries due to challenges associated with binary instrumentation and the difficulty of defining legal memory bounds. While sanitizers combined with fuzzing are recognized as effective means for identifying bugs, current Wasm sanitizers necessitate compile-time instrumentation, rendering them unsuitable for practical scenarios where only binaries are accessible. In this paper, we propose WBSan, the first Wasm binary sanitizer employing static analysis and Wasm binary instrumentation to detect memory bugs and undefined behaviors. We develop distinct instrumentation patterns tailored for each type of bug and introduce Wasm shadow memory to address complex memory bugs. Our results reveal that WBSan achieves a 16.8% false detection rate, outperforming current Wasm binary checkers and native sanitizers in detecting memory bugs and undefined behaviors. Furthermore, when compared with the binary-only fuzzer, WBSan uncovers more crashes and achieves greater code coverage. CCS Concepts • Security and privacy → Vulnerability scanners.