Lightning:Safer C, Address Sanitizer and Fuzzing
Description | Address Sanitizer is a powerful compiler feature that allows a certain level of memory safety in C. It is intended to be used to find bugs, but I want to try running it in production. |
---|---|
Slides | http://int21.de/slides/asan-cccamp15.pdf |
Website(s) | https://fuzzing-project.org/ |
Tags | memorycorruption, addresssanitizer, asan, fuzzing, c, memsafe, linux, gcc, clang, llvm |
Person organizing | User:hanno |
Contact | hanno@hboeck.de |
Language | en - English |
Duration | 5 |
Desired session | Day 2 |
Desired timeframe | 16:00/4PM |

Address Sanitizer is a feature of gcc and clang/llvm that allows a certain level of memory safety in C applications. It is a powerful tool and is responsible for the discovery of hundreds of bugs.

I've recently started to create a Linux system (Gentoo-based) where everything except a few core packages is built with Address Sanitizer. Just by doing this I find bugs in important applications, but it could also be considered as a safe (and slow - it doesn't come for free) variant of C to be used in production systems.