141 questions
0 votes, 0 answers, 53 views
How to compile preexisting nix derivation with Clang sanitizers
I am attempting to write a function which takes as input a Nix derivation (any derivation which can build with clang), and as output, returns a modified version of the derivation that builds with ...
0 votes, 1 answer, 56 views
Makefile: condition on specific target
In my ideal solution, I want a Makefile that sets sanitizers based on the SAN variable, only when I call the target "debug", and takes care that, as of now, gcc does not support -fsanitize=memory, so ...
1 vote, 0 answers, 18 views
Android app integrate HWAddress Sanitizer run app failed
I integrate the hwaddress sanitizer according to the document: enter link description here
then run the app, log output shows run wrap.sh failed
#!/system/bin/sh
echo "wrap Running with HWASAN $@&...
4 votes, 1 answer, 116 views
fflush() on invalid FILE pointer returns 0 if compiled with sanitizer
When I read the documentation of fflush, it says that it returns 0 if it was successful and it returns EOF (EOF is on my machine -1) otherwise. (see https://man7.org/linux/man-pages/man3/fflush.3....
0 votes, 1 answer, 92 views
LLVM Build Fails with MemorySanitizer Enabled
Derived from llvm error when attempting to build libcxx instrumented with memory sanitizer
I am attempting to build LLVM with the libcxx and libcxxabi projects instrumented with MemorySanitizer (Msan) ...
0 votes, 1 answer, 91 views
LLVM kCFI sanitizer with function of volatile arguments
Here is the minimal reproducible example:
// my_func.h
typedef volatile struct {
int a;
} my_vdata_t;
typedef struct {
int a;
} my_data_t;
extern void (*vfunc)(my_vdata_t* data);
extern void (*...
2 votes, 1 answer, 201 views
libzimg: AddressSanitizer: SEGV
I have a collection of JPEG files that I would like to scale down by a specific size with zimg (aka z.lib) library:
This is my code snippet:
#include <cstdio> // fopen, fseek, ftell, fread, ...
1 vote, 1 answer, 120 views
Force ThreadSanitizer to crash after finding a problem
I'm running ThreadSanitizer with -O2 and -g compiler flags and without gdb. It detects the race condition and prints the stacktraces but it continues running. I was fortunate to be monitoring.
Is there ...
0 votes, 1 answer, 115 views
ASAN does not detect buffer overflow
There is the following piece of code
#include <iostream>
#include <type_traits>
thread_local std::aligned_storage_t<1024> data;
int main() {
std::cout << sizeof(data) <&...
1 vote, 1 answer, 311 views
How to show special characters in title attribute on HTML using Angular?
Using Angular in HTML I need to add a title attribute on an <a> tag; the value of the title will have text and special characters. The attribute should render a tooltip on the anchor, but it is not ...
2 votes, 1 answer, 221 views
Difference Between Linter, Sanitizer and Analyzers
What is the difference between Linters, Sanitizers and Analyzers?
And what are some examples of Linters, Sanitizers and Analyzers for Python?
Also are they dependent on the IDE that you are using? I ...
0 votes, 0 answers, 217 views
OWASP Java HTML Sanitizer - rel attribute on a element
I'm using the OWASP Java HTML Sanitizer to sanitize HTML input.
The problem is that the "rel" attribute values "noopener" and "noreferrer" are duplicated or removed by the ...
2 votes, 1 answer, 1k views
Address Sanitizer - How to set >1 ASAN_OPTIONS?
I'm on Windows using Visual Studio compiler.
I'm using /fsanitize=address to compile with AddressSanitizer.
I run my exe from command line.
I want my exe to
continue on ASAN errors and
write all ASAN ...
13 votes, 1 answer, 3k views
Possible Bug in GCC Sanitizers?
I always compile my programs with gcc and during development always with:
gcc -g -Wall -Wextra -std=c2x -fsanitize=address,undefined
Today I noticed that the address sanitizer randomly detects SEGVs ...
23 votes, 1 answer, 8k views
FATAL: ThreadSanitizer: unexpected memory mapping when running on Linux Kernels 6.6+
The Problem
Recently on Linux Kernels 6.6.6 and higher it was discovered that thread sanitizer will always lead to this error:
FATAL: ThreadSanitizer: unexpected memory mapping 0x5c9bd4d2b000-...
7 votes, 0 answers, 309 views
Sanitizing static freestanding nolibc programs?
I'm developing a static freestanding nolibc/nostdlib program for Linux and would like to use the C compiler's memory, address and undefined behavior sanitizers to improve my code.
I couldn't get it to ...
1 vote, 0 answers, 555 views
Undefined reference to `__tsan_...` when linking static library built with thread sanitizer
I have built pdfium with thread sanitizer enabled. To do this I have followed these instructions:
git clone 'https://chromium.googlesource.com/chromium/tools/depot_tools.git'
export PATH="${PWD}/...
1 vote, 0 answers, 174 views
How to override AddressSanitizer callback functions (e.g. `__asan_on_error`)
I'm trying to interact with interfaces of AddressSanitizer while using Rust, but I'm having some difficulties.
Specifically, I want to write a hook that is called immediately when ASan detects an ...
0 votes, 1 answer, 796 views
Add sanitization to url and alt for angular
I need help on how to add sanitization to the url and alt text of this code. What is the best way to do this as this is something I'm not very familiar with. I tried researching but not able to find a ...
0 votes, 0 answers, 66 views
Is passing an uninitialized variable to a function considered UB in C++? [duplicate]
Recently I was writing my raytracer project and made some bugs in it. I have a function:
double Length(const Vector& v) {
return std::sqrt(v[0] * v[0] + v[1] * v[1] + v[2] * v[2]);
}
and then ...
2 votes, 0 answers, 133 views
Equivalent of a heap profiler but for the stack?
I'm hitting a stack overflow where a (Rust default) stack size of 2 MiB is insufficient and a very basic piece of code crashes. If I set RUST_MIN_STACK=4159616, then it works as expected. ...
3 votes, 0 answers, 98 views
Python crashes with LD_PRELOAD and ThreadSanitizer library
I have a scenario where a python script loads a shared object on a Ubuntu 20 x64 system. The shared object is instrumented with thread sanitizer. However, once the library loads it spawns a "...
0 votes, 0 answers, 34 views
create a folder out of working folder without use of double period with Dir.mkdir
Is it possible to create a folder outside of the working folder without direct use of double period with ruby's Dir.mkdir or mkdir_p? I am interested in linux-like systems only.
My goal is to sanitise ...
3 votes, 1 answer, 1k views
Why doesn't -fsanitize=undefined pick up on (what I think is) UB?
auto vec = std::vector<int>({1, 2, 3});
std::cout << *vec.end() << std::endl;
Here is some simple code that I believe to be UB. However, compiling this with the following steps:
g++ ...
0 votes, 1 answer, 631 views
Do I need to sanitise TIPTAP text editor in nextJS?
do I need to sanitise TIPTAP text editor with nextJs? If so, what sanitiser is best with nextJS and TIPTAP text editor?
0 votes, 1 answer, 78 views
Iterator invalidation for associative containers
I know that erasing elements from an associative container inside a for loop invalidates it.
Is it the case when using a range based loop?
#include <iostream>
#include <unordered_map>
#...
0 votes, 0 answers, 57 views
Leakage message from sanitizer for program that does not allocate anything
I have some code that does almost nothing, but it does so in a convoluted way. Most importantly, it does not allocate anything. All data is on the stack. It works just fine with many versions of gcc ...
1 vote, 0 answers, 120 views
downloadable font: rejected by sanitizer (font-family: "summernote" style:normal weight:400 stretch:100 src index:2)
I'm facing some problems with this summernote font-family; it's being rejected by the sanitizer, and the error is pointing to this css URL:
@font-face{font-family:"summernote";font-style:...
0 votes, 1 answer, 278 views
Issue with UBA sanitizer casting negative double to unsigned long long on C++
I've been working with C++ and have been utilizing the UBA sanitizer to convert a double to an unsigned long long. However, I've been encountering an issue when the value is negative, which results in ...
1 vote, 0 answers, 61 views
Compile a C code with Sanitizer, use python subprocess to run the program but returncode always 0
I use Sanitizer to compile C code, my compile cmd is:
gcc -fsanitize=address -fsanitize=leak -o test test.c.
When I run ./test in shell, I got the LeakSanitizer Error info.
But When I use subprocess ...
0 votes, 1 answer, 333 views
How do I use the new Sanitizer API from Typescript?
This works all fine on Codepen, even without window. I am surprised about that because I am used to being forced to use window.x
if ( 'Sanitizer' in window ) {
console.log( 'sani', 'Sanitizer' in ...
0 votes, 1 answer, 74 views
Can't fix heap-buffer-overflow error on my C code
I need help fixing an fsanitize=address error on this code.
If I compile my .c program with the flags "fsanitize=address -g" I get the following error:
==93042==ERROR: AddressSanitizer: heap-...
0 votes, 1 answer, 357 views
HTML sanitizer version getting error in server build
I have installed a package of HTML sanitizer in my local (v7.0.0). It works fine in my local. So I built the code and deployed to the server. But on the server the sanitizer page gets encountered with ...
3 votes, 0 answers, 345 views
How to integrate sanitizer report with gtest and/or Jenkins
I have a multi-platform project and address sanitizer found a couple of issues when running gtest unit tests (issues are from dependencies which were not built with sanitizer).
Here is how end of gtest ...
5 votes, 2 answers, 396 views
Add unique attribute id to each h2-tag with owasp java html sanitizer
I am using owasp-java-html-sanitizer and am trying to add id-attributes to each h2-tag in my HTML code, which should be persistent over several page loads but unique for each element on the page (as defined ...
4 votes, 1 answer, 861 views
Why does the clang sanitizer think this left shift of an unsigned number is undefined?
I know there are many similar questions on SO. Please read carefully before calling this a dup. If it is, I would be happy to get a reference to the relevant question.
It seems to me that the clang ...
25 votes, 3 answers, 5k views
Undefined behavior (according to clang -fsanitize=integer) on libstdc++ std::random due to negative index on Mersenne Twister engine
I'm using clang++ 10 on Ubuntu 20.04 LTS, with -fsanitize-undefined-trap-on-error -fsanitize=address,undefined,nullability,implicit-integer-truncation,implicit-integer-arithmetic-value-change,implicit-...
0 votes, 1 answer, 844 views
Undefined Behavior Sanitizer missing addition overflow check
When I use nm | grep '__ubsan', it returns:
U __ubsan_handle_add_overflow
U __ubsan_handle_divrem_overflow
U __ubsan_handle_dynamic_type_cache_miss
U __ubsan_handle_load_invalid_value
U ...
2 votes, 2 answers, 945 views
Warning: null destination pointer [-Wformat-overflow=] with GCC 11.2.1
Here is my code:
#include <iostream>
#include <cstdio>
int main()
{
char *str = new char[64] ;
std::sprintf(str, "msg: %s", "hello world") ;
std::cout <...
0 votes, 0 answers, 759 views
New option in GCC : -fsanitize=shadow-call-stack
I have been working with the latest release of gcc (GCC 12.1, released May 6, 2022).
There is a new command-line option: -fsanitize=shadow-call-stack.
The documentation states:
GCC now supports the ...
7 votes, 0 answers, 117 views
-fsanitize=address duplicates inline strings. Is this intended behavior or a compiler issue?
In our codebase we expect that strings only exist once in the compiled binary. I observe that
-fsanitize=address
can generate duplicated strings in the executable. This breaks our code.
The ...
7 votes, 1 answer, 4k views
How to use Memory Sanitizer with GCC?
I want to use this kind of sanitizer in gcc. How can I do this? Is such an operation possible?
I found a solution for clang:
clang -fsanitize=memory -fno-omit-frame-pointer -g -O2 umr.cc but I don't ...
2 votes, 2 answers, 2k views
How to set ASAN_OPTIONS to CMake managed projects in CLion
I'm trying to use Google sanitizers https://www.jetbrains.com/help/clion/google-sanitizers.html on my CMake project using CLion. I need to pass ASAN_OPTIONS=detect_container_overflow=0 environment ...
0 votes, 1 answer, 2k views
Address Sanitizer - suppress for gtest
Is it possible to suppress unit test functions? I have address sanitizer in my project and I am getting reports with info about stack-buffer-overflow, which I want to suppress.
It's already one ...
1 vote, 0 answers, 495 views
Problem using fsanitize on Macos Monterey 12.0.1
I can't use fsanitize on Macos; every time I execute my programs this message appears:
a.out(1003,0x111253600) malloc: nano zone abandoned due to inability to preallocate reserved vm space.
the code ...
3 votes, 1 answer, 793 views
Why is LLVM's leak sanitizer not working when used with other sanitizers enabled
I was trying to find a memory leak from a simple program:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
void parse(const char* input) {
// ...
2 votes, 1 answer, 2k views
What is the difference between -fsanitize-coverage=trace-pc and trace-pc-guard?
Recently I have been studying the Clang sanitizer. I find the flag -fsanitize-coverage can be trace-pc or trace-pc-guard. According to the official document(Tracing PCs with guards, Tracing PCs), both ...
1 vote, 1 answer, 2k views
Clang sanitizers missing a read from uninitialized memory
I have the following code, that I am confident reads from garbage memory, but clang sanitizers do not complain.
Is there something I can do to make them trigger or I should just accept this as ...
0 votes, 1 answer, 153 views
Can you run a user-defined pass before ASAN sanitizer?
I compile my code with -fsanitize=address switch. I have my own llvm pass that I want to execute. By the time the pass starts, I can see that the ASAN pass was made. Is it possible to run my pass ...
0 votes, 0 answers, 2k views
How to get line numbers with AddressSanitizer output?
How can I get line numbering when running address sanitizer on gcc?
I have a simple program to test address sanitizer (buffer overflow):
#include<stdio.h>
int main(void)
{
int A[10] = {0};
...