On Wednesday, May 11, 2016 at 12:13:30 AM UTC+3, pierre.gagelin wrote:
>
> Hi,
>
> I am a French last year student in internship with a researcher from the
> Portsmouth university (UK). We began to work on memory security by looking
> at a research publication which makes reference to AddressSanitizer. I had a
> first hand with the tool following your github documentation. Playing a bit
> more with it I found it was possible to make access to unexpected memory
> without triggering Asan (I attached a small C file with comments). Finding
> it too easy I finally think I saw on the internet that it was known and
> won't be changed (I am sorry I don't remember the source and don't find it
> anymore, that's why I can't really say I saw it).
>
Right, that's the difference between canary-based (ASan) and bounds-checking tools (BaggyBounds). You can only detect overflows up to a certain extent with canaries (they usually cover 99% of real-world errors though...).

>
> My internship master and I agreed it could be interesting to look a little
> bit deeper on the mechanism and before to jump into AddressSanitizer.cpp I
> preferred to look at a smaller llvm pass: BoundsChecking.cpp (same folder).
> Is it a part of the Asan project? Because of what I understood:
>

No, that's a separate (probably much less sophisticated) checker.

> - it is a Function Pass retrieving a list of each instruction
> - instrumenting load, store, atomic cmpxchg, atomic rmw
> - instrumentation is on run-time
> - instrumentation checks the pointer size, offset and size to be
> stored/loaded
> - make a trap if access is out of pointer bounds
> Shouldn't it detect the obvious overflow made on the C file I attached?
>
> Thank you very much for your time and consideration. I am sorry if my
> question is irrelevant, I'm just trying to take hands on the project so far.
>
> Pierre Gagelin
>
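Added example, not part of the original thread and not ASan or LLVM code: a toy model of the canary-versus-bounds difference discussed above, showing why an access that jumps past the redzone into a neighbouring object passes a redzone check but fails a bounds check. The arena layout, the one-byte-per-byte shadow and the names `toy_alloc`, `redzone_ok` and `bounds_ok` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for illustration, not ASan's real shadow encoding):
   one shadow byte per arena byte, 1 = poisoned redzone, 0 = addressable. */
#define ARENA   256
#define REDZONE 16

typedef struct { size_t base, size; } object;

static unsigned char shadow[ARENA];
static size_t next_free;

static void toy_reset(void) {
    memset(shadow, 1, sizeof shadow);   /* everything starts poisoned */
    next_free = 0;
}

/* Place an object between two poisoned redzones; caller keeps total < ARENA. */
static object toy_alloc(size_t size) {
    object o = { next_free + REDZONE, size };
    memset(shadow + o.base, 0, size);   /* unpoison the object body only */
    next_free = o.base + size + REDZONE;
    return o;
}

/* Redzone-style check: judges the target address alone. */
static int redzone_ok(object o, size_t off) {
    size_t addr = o.base + off;
    return addr < ARENA && shadow[addr] == 0;
}

/* Bounds-style check: judges the access against the object the pointer came from. */
static int bounds_ok(object o, size_t off, size_t width) {
    return off <= o.size && width <= o.size - off;
}

int main(void) {
    toy_reset();
    object a = toy_alloc(32), b = toy_alloc(32);
    /* in bounds, just past the end (redzone), far past the end (inside b) */
    size_t offs[] = { 10, 32, (b.base - a.base) + 6 };
    for (size_t i = 0; i < 3; i++)
        printf("a[%zu]: redzone_ok=%d bounds_ok=%d\n", offs[i],
               redzone_ok(a, offs[i]), bounds_ok(a, offs[i], 1));
    return 0;
}
```

Only the third access separates the two checks: its target address is valid memory belonging to `b`, so the address-only check has nothing to flag.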
