🤖 AI Summary
Fine-grained localization of one-day vulnerabilities in stripped, highly optimized binaries remains challenging due to compiler heterogeneity, aggressive optimizations, and code similarity, leading to insufficient robustness and precision in existing approaches.
Method: This paper proposes the first control-flow-graph (CFG)-based binary patch localization method. It extracts stable value features from patched code and its contextual CFG regions to enable robust cross-optimization-level and cross-compiler matching, and introduces a binary patch existence verification mechanism to suppress false positives.
Contribution/Results: Evaluated on a dual-scale dataset comprising 73 CVEs, our method achieves an average detection rate of 88.2% and a false positive rate of 12.9%, outperforming state-of-the-art methods by 26.7% and 63.5%, respectively. It delivers high accuracy, low computational overhead, and strong practicality for real-world binary analysis.
📝 Abstract
1-day vulnerabilities in binaries have become a major threat to software security. Patch presence testing is one of the effective ways to detect such vulnerabilities. However, existing patch presence test approaches do not perform well in practical scenarios because of interference from different compilers and optimization levels, patch-similar code blocks, and irrelevant functions in stripped binaries. In this paper, we propose a novel approach named PLocator, which leverages stable values from both the patch code and its context, extracted from the control flow graph, to accurately locate the real patch code in the target function, offering a practical solution for real-world vulnerability detection scenarios. To evaluate the effectiveness of PLocator, we collected 73 CVEs and constructed two comprehensive datasets ($Dataset_{-irr}$ and $Dataset_{+irr}$), comprising 1,090 and 27,250 test cases at four compilation optimization levels and two compilers with three different experiments, i.e., Same, XO (cross-optimizations), and XC (cross-compilers). The results demonstrate that PLocator achieves an average TPR of 88.2% and FPR of 12.9% in a short amount of time, outperforming state-of-the-art approaches by 26.7% and 63.5%, respectively, indicating that PLocator is more practical for the 1-day vulnerability detection task.
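The idea the abstract describes, matching stable values of the patch code together with the stable values of its surrounding CFG blocks and then verifying that the patch is really present, can be illustrated with a small constructed model. The following is an added example written for this page; it is not PLocator's code or its actual algorithm. The toy instruction text, block names, the choice of immediates and call targets as "stable values", the context weight and the thresholds are all assumptions made for the illustration.

```python
"""Toy context-aware patch localization on control-flow graphs.
Constructed illustration of the abstract's idea; not PLocator's code."""
import re
from dataclasses import dataclass, field


@dataclass
class Block:
    insns: list                                 # constructed x86-like text
    succs: list = field(default_factory=list)   # names of successor blocks


IMM_RE = re.compile(r"0x[0-9a-fA-F]+|(?<![\w.])\d+(?![\w.])")
CALL_RE = re.compile(r"call\s+(\w+)")


def stable_values(block):
    """Immediates and call targets tend to survive optimization-level and
    compiler changes; register choice and instruction selection do not."""
    vals = set()
    for insn in block.insns:
        m = CALL_RE.match(insn)
        if m:
            vals.add("call:" + m.group(1))
        for imm in IMM_RE.findall(insn):
            vals.add("imm:%d" % (int(imm, 16) if imm.startswith("0x") else int(imm)))
    return vals


def context_values(cfg, name):
    """Stable values of a block's predecessors and successors."""
    neighbours = [b for b in cfg.values() if name in b.succs]
    neighbours += [cfg[s] for s in cfg[name].succs]
    return set().union(*(stable_values(b) for b in neighbours))


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def patch_signature(vuln_cfg, patched_cfg, patch_block):
    """Patch block features: its stable values, the subset the patch introduced
    (absent from the whole vulnerable function) and its context values."""
    vuln_vals = set().union(*(stable_values(b) for b in vuln_cfg.values()))
    pv = stable_values(patched_cfg[patch_block])
    return {"patch": pv, "new": pv - vuln_vals, "ctx": context_values(patched_cfg, patch_block)}


def locate_patch(sig, target_cfg, w_ctx=0.5, min_ctx=0.25):
    """Rank target blocks by patch-value similarity plus weighted context
    similarity, then verify the winner: it must carry every patch-introduced
    value AND sit in a matching context. A patch-similar block in the wrong
    context (another check against the same constant) fails the second test,
    which is what suppresses a false positive on an unpatched target."""
    scored = []
    for name, blk in target_cfg.items():
        p_sim = jaccard(sig["patch"], stable_values(blk))
        c_sim = jaccard(sig["ctx"], context_values(target_cfg, name))
        scored.append((p_sim + w_ctx * c_sim, c_sim, name))
    score, c_sim, name = max(scored)
    if not sig["new"] <= stable_values(target_cfg[name]) or c_sim < min_ctx:
        return None
    return name, round(score, 3)


def cfg(*blocks):
    return {name: Block(insns, succs) for name, insns, succs in blocks}


# Constructed "reference build" CFGs of one function before and after a
# bounds-check patch (block "check" and its error path are the patch).
VULN = cfg(
    ("entry", ["mov eax, [rdi+0x10]", "test eax, eax", "jz exit"], ["copy", "exit"]),
    ("copy", ["call memcpy", "mov [rbx+0x20], 1"], ["exit"]),
    ("exit", ["ret"], []),
)
PATCHED = cfg(
    ("entry", ["mov eax, [rdi+0x10]", "test eax, eax", "jz exit"], ["check", "exit"]),
    ("check", ["cmp eax, 0x400", "ja error"], ["copy", "error"]),
    ("copy", ["call memcpy", "mov [rbx+0x20], 1"], ["exit"]),
    ("error", ["mov eax, 0xffffffea", "call log_error"], ["exit"]),
    ("exit", ["ret"], []),
)
# Constructed targets "built" differently: registers renamed, "copy" split in
# two, and a decoy block (bb5) that also compares against 0x400.
DECOY = [
    ("bb4", ["call get_quota"], ["bb5"]),
    ("bb5", ["cmp rdx, 0x400", "jbe bb6"], ["bb6", "bb9"]),
    ("bb6", ["call adjust"], ["bb9"]),
]
TARGET_PATCHED = cfg(
    ("bb0", ["mov r8d, [rcx+0x10]", "test r8d, r8d", "je bb9"], ["bb1", "bb9"]),
    ("bb1", ["cmp r8d, 0x400", "ja bb7"], ["bb2", "bb7"]),
    ("bb2", ["call memcpy"], ["bb3"]),
    ("bb3", ["mov byte [r12+0x20], 1"], ["bb9"]),
    ("bb7", ["mov eax, 0xffffffea", "call log_error"], ["bb9"]),
    *DECOY,
    ("bb9", ["ret"], []),
)
TARGET_VULN = cfg(
    ("bb0", ["mov r8d, [rcx+0x10]", "test r8d, r8d", "je bb9"], ["bb2", "bb9"]),
    ("bb2", ["call memcpy"], ["bb3"]),
    ("bb3", ["mov byte [r12+0x20], 1"], ["bb9"]),
    *DECOY,
    ("bb9", ["ret"], []),
)

SIG = patch_signature(VULN, PATCHED, "check")

if __name__ == "__main__":
    print("patch-introduced values:", SIG["new"])
    print("patched target  :", locate_patch(SIG, TARGET_PATCHED))
    print("unpatched target:", locate_patch(SIG, TARGET_VULN))
```

The decoy block bb5 is the point of the exercise: judged on the patch block's own stable values alone it ties with the real patch block bb1, and on the unpatched target it would be reported as the patch. Its predecessor and successor blocks share nothing with the patch's CFG context, so the context term ranks bb1 above it on the patched target, and the verification step rejects it on the unpatched one.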