Message-ID: <CAGQ9bdwziW09Jn17M=5+qyi5Q-1+LTy4dr0d0Tkm2WP0ao-NzA@mail.gmail.com>
Date: Fri, 20 Mar 2015 19:14:33 -0700
From: Konstantin Serebryany <konstantin.s.serebryany@...il.com>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: buffer overflow in regcomp and a way to find more of those

>
> Sorry to keep bombarding you with questions.

You are more than welcome!

> One more: is it only asan
> that needs dynamic linking? If we're willing to drop asan for now and
> just rely on musl itself crashing for heap corruption (musl does a
> good job of detecting it usually), can the necessary coverage stuff
> still work with static linking?

I think it can with reasonable additional work, but not out of the box.
The compiler instrumentation in clang clearly does not care about
dynamic vs static linking.
If you build the source with "-fsanitize=leak -fsanitize-coverage=4
-O1" the compiler will not insert any of the asan instrumentation
and only insert calls to a couple of functions needed for coverage.
Then, instead of linking with the full asan+coverage run-time, you
will need a very simple re-implementation of coverage-only runtime.

But, my previous experience with running fuzzers w/o memory bug
detectors (asan, or others) suggests that this is a bad idea. Memory
bugs tend to accumulate and show up in the following iterations (if at all).

>
> Rich

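As an added illustration of the "coverage-only runtime" described in the reply above (example code, not from this thread, musl or LLVM): a minimal C runtime that only records which edges fired, with no asan and nothing that needs dynamic linking. It assumes clang's current `-fsanitize-coverage=trace-pc-guard` callback interface rather than the 2015 `-fsanitize-coverage=4` one, and `demo_target` hand-writes the callback calls the compiler would insert so the file runs without instrumentation.

```c
// Minimal coverage-only runtime (no asan) for clang -fsanitize-coverage=trace-pc-guard.
// Assumed interface: the compiler calls __sanitizer_cov_trace_pc_guard_init(start, stop)
// once per module with its guard slots and __sanitizer_cov_trace_pc_guard(&g) on each edge.
#include <stdint.h>
#include <stdio.h>
#define MAX_EDGES 65536
static uint8_t  edge_hit[MAX_EDGES];  /* 1 once the edge has fired in any run */
static uint32_t total_edges;          /* guards numbered so far by init */
static uint32_t new_edges_this_run;   /* edges first seen since cov_reset_run */
void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
    if (start == stop || *start) return;      /* module already initialised */
    for (uint32_t *g = start; g < stop; g++)  /* id 0 means "guard disabled" */
        *g = (total_edges < MAX_EDGES - 1) ? ++total_edges : 0;
}
void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
    uint32_t id = *guard;
    if (id && !edge_hit[id]) { edge_hit[id] = 1; new_edges_this_run++; }
}
void cov_reset_run(void) { new_edges_this_run = 0; }        /* before each input */
uint32_t cov_new_edges(void) { return new_edges_this_run; } /* >0: keep the input */
uint32_t cov_total_edges(void) { return total_edges; }
uint32_t cov_edges_hit(void) {
    uint32_t n = 0;
    for (uint32_t i = 1; i <= total_edges; i++) n += edge_hit[i];
    return n;
}
/* Constructed stand-in for an instrumented function: the explicit callback calls
   below are what clang would insert at each edge of demo_target. */
static uint32_t demo_guards[4];
void demo_init(void) { __sanitizer_cov_trace_pc_guard_init(demo_guards, demo_guards + 4); }
int demo_target(int x) {
    __sanitizer_cov_trace_pc_guard(&demo_guards[0]);                        /* entry */
    if (x > 3) {
        __sanitizer_cov_trace_pc_guard(&demo_guards[1]);                    /* x > 3 */
        if (x == 42) { __sanitizer_cov_trace_pc_guard(&demo_guards[2]); return 2; }
        return 1;
    }
    __sanitizer_cov_trace_pc_guard(&demo_guards[3]);                        /* x <= 3 */
    return 0;
}
int main(void) {
    demo_init();
    int in[] = {0, 0, 42};  /* constructed inputs: new, repeat, new branch */
    for (int i = 0; i < 3; i++) {
        cov_reset_run(); demo_target(in[i]);
        printf("input %d: %u new, %u/%u edges\n", in[i], cov_new_edges(),
               cov_edges_hit(), cov_total_edges());
    }
    return 0;
}
```

A fuzz loop keeps an input whenever `cov_new_edges()` is non-zero after running it; with real instrumentation the `demo_*` stand-in is replaced by the compiler's own calls.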