Lightning:Safer C, Address Sanitizer and Fuzzing

From Camp_2015_Wiki

Description: Address Sanitizer is a powerful compiler feature that allows a certain level of memory safety in C. It is intended to be used to find bugs, but I want to try running it in production.
Slides: http://int21.de/slides/asan-cccamp15.pdf
Website(s): https://fuzzing-project.org/
Tags: memorycorruption, addresssanitizer, asan, fuzzing, c, memsafe, linux, gcc, clang, llvm
Person organizing: User:hanno
Contact: hanno@hboeck.de
Language: en - English
Duration: 5
Desired session: Day 2
Desired timeframe: 16:00/4PM

Address Sanitizer is a feature of gcc and clang/llvm that allows a certain level of memory safety in C applications. It is a powerful tool and is responsible for the discovery of hundreds of bugs.

I've recently started to create a Linux system (Gentoo-based) where everything except a few core packages is built with Address Sanitizer. Just by doing this I find bugs in important applications, but it could also be considered as a safe (and slow - it doesn't come for free) variant of C to be used in production systems.