Hi Evgeny, I really appreciate you helping us using more analyzers and fuzzers to improve the code base. I think the address sanitizer already helped improve the code. But it would help if you replied to the original reviews and/or mentioned how the different versions of your patch have changed since the last time. As far as I can see you only changed the commit message a little this time.
On Fri, Dec 03, 2021 at 06:02:09PM +0000, Evgeny Vereshchagin wrote: > Other than that, while options like --enable-sanitize-undefined are > helpful shortcuts, they simply can't cover all the usecases and it's > still necessary to pass additional compiler flags to clang via > CFLAGS to for example get around issues like > https://github.com/evverx/elfutils/issues/16 and > https://github.com/evverx/elfutils/issues/15. I really do believe that working from the now proposed --enable-sanatize-address will be easiest to integrate address sanitizer support. See how I used it to workaround isssues with the gcc address sanitizer. You can use it likewise to work around issues with clang. e.g. the configure check should detect the issue with --no-undefined and could try if adding -lasan to LDFLAGS helps. So the other isssues you are seeing with the clang address sanitizer is "applying non-zero offset ... to null pointer" and "variable length array bound evaluates to non-positive value 0". I am not sure how those are actual problems. In the first case the calculated addresses aren't actually used as (dereferenced) pointers, in the second the array bound being zero also means the array content isn't used. Do you know why these issues are flagged? Are there any extra ASAN_OPTIONS set in these cases? Cheers, Mark
