We haven't tried anything automated here. In a dozen of cases our users had to annotate their code with __asan_[un]poison_memory_region, but indeed this is labor-intensive and is still weaker than what asan's malloc provides (usually, no quarantine, no adaptive redzones, etc)
On Wed, Dec 3, 2014 at 6:20 AM, Yury Gribov <[email protected]> wrote: > Hi all, > > As we all know ASan only instruments standard allocators (malloc/free, > new/delete) so if sanitized application uses a custom allocator on top of > mmap or libc, precision of heap overflow detection could significantly > decrease. This may be a problem when one wants to sanitize e.g. full > distribution - manual inspection of packages and addition of custom poisons > may take weeks of work. Has anyone tried to automate this in any way? > There are some experimental approaches to this (e.g. MemBrush) Interesting! > or at the very least I could grep for functions with "interesting" names > (.*alloc.*) and then inspect them manually. There is also *FreeList* kind of names. --kcc > > > -Y > > -- > You received this message because you are subscribed to the Google Groups > "address-sanitizer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "address-sanitizer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
