On Mon, Jun 19, 2023 at 11:50 PM Rene Engelhard <r...@debian.org> wrote: > > Am 20.06.23 um 00:03 schrieb Jeffrey Walton: > > > > You can usually uncover them by building the package with CFLAGS=" ... > > -fsanitize=undefined ... " and CXXFLAGS=" ... -fsanitize=undefined ... > > ". The UBsan sanitizer operates on real data. There are no false > > positives. > > I'd personally assume this isn't UB since upstream builds with UBsan for > testing (admittedly not on mipsel, though). But once can investigate here...
Yeah, there's a caveat: you have to have complete self tests. If the project lacks complete self tests, then you may not uncover the bug. You can run the program in production with a sanitizer build. It may uncover cases that were lacking in the test cases. And it's unfortunate some arches lack Asan and UBsan support. They are such powerful tools. Sometimes you can tease-out the UB on a different arch. Sometimes you can't. Jeff
