https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116243
Dominik 'disconnect3d' Czarnota <dominik.b.czarnota+bugzilla at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dominik.b.czarnota+bugzilla
                   |                            |@gmail.com

--- Comment #3 from Dominik 'disconnect3d' Czarnota <dominik.b.czarnota+bugzilla at gmail dot com> ---
Hi, we created a minimal PoC of this at Trail of Bits for GCC 11.1 in the past, which you can find here [0]. This code is not production ready, but it may be helpful for developing this further.

We actually developed ASan annotations for std::string and std::deque in both GCC and LLVM after we manually found a bug that a fuzzer with ASan wasn't able to find. Later, we focused only on LLVM as we wanted to run fuzzing harnesses from oss-fuzz (which mostly uses LLVM) with such annotations. We eventually finished and upstreamed the LLVM implementation.

We also presented this research at WarCon 2022 [1] (there is also a slide, 'a bit of history', on container overflow developments) and we blogged about ASan [2] and annotations/container sanitization [3].

I hope and believe that the linked resources will be helpful for implementing and testing this further in GCC. We would also be happy to work on this further for GCC if resourcing is available for it.

[0] https://github.com/trailofbits/gcc-asan-container-overflows/tree/containers-annotations
[1] https://docs.google.com/presentation/d/1Wnn1Vmt5OwTra619j2_QiP1QA8XpWi4qTT9p9lMDR-8/
[2] https://blog.trailofbits.com/2024/05/16/understanding-addresssanitizer-better-memory-safety-for-your-code/
[3] https://blog.trailofbits.com/2024/09/10/sanitize-your-c-containers-asan-annotations-step-by-step/
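As an added illustration (not code from this bug report or from the Trail of Bits PoC linked above), a minimal fixed-capacity container that keeps ASan's shadow memory in sync with its live range through __sanitizer_annotate_contiguous_container, the same runtime call the std::vector/std::string/std::deque annotations build on. AnnotatedBuffer, ANNOTATE and poisoned_bytes() are assumed names; build with -fsanitize=address and pass any argument to see the container-overflow report on the read in main().

```cpp
#include <cstdlib>
#include <new>
#include <iostream>
// Use the real annotation only under -fsanitize=address (GCC sets __SANITIZE_ADDRESS__,
// Clang exposes __has_feature); without ASan the call compiles to nothing.
#ifndef __has_feature
#  define __has_feature(x) 0   // compilers without the Clang/GCC 13 extension
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#  include <sanitizer/common_interface_defs.h>
#  define ANNOTATE(...) __sanitizer_annotate_contiguous_container(__VA_ARGS__)
#else
#  define ANNOTATE(...) ((void)0)
#endif

// Fixed-capacity container (assumed name) that tells ASan which part of its
// allocation is live, as the std::vector annotations discussed in this bug do.
template <typename T> class AnnotatedBuffer {
  T* data_; std::size_t size_ = 0, cap_;
  // Move the "addressable" boundary from data_+old_n to data_+new_n.
  void annotate(std::size_t old_n, std::size_t new_n) {
    ANNOTATE(data_, data_ + cap_, data_ + old_n, data_ + new_n);
  }
 public:
  explicit AnnotatedBuffer(std::size_t cap) : cap_(cap) {
    data_ = static_cast<T*>(std::malloc(cap * sizeof(T)));  // malloc: 16-byte aligned start
    if (!data_) throw std::bad_alloc();
    annotate(cap_, 0);  // fresh allocation: every slot starts out poisoned
  }
  ~AnnotatedBuffer() { annotate(size_, cap_); std::free(data_); }  // unpoison, then free
  AnnotatedBuffer(const AnnotatedBuffer&) = delete;
  AnnotatedBuffer& operator=(const AnnotatedBuffer&) = delete;
  void push_back(const T& v) {
    if (size_ == cap_) std::abort();  // fixed capacity: no reallocation in this demo
    annotate(size_, size_ + 1);       // make the slot addressable before constructing into it
    new (data_ + size_) T(v); ++size_;
  }
  void pop_back() { data_[--size_].~T(); annotate(size_ + 1, size_); }  // re-poison slot
  std::size_t size() const { return size_; }
  T* data() { return data_; }
  // Bytes inside the allocation that ASan now flags as container-overflow on access.
  std::size_t poisoned_bytes() const { return (cap_ - size_) * sizeof(T); }
};
int main(int argc, char**) {
  AnnotatedBuffer<int> buf(8); buf.push_back(1); buf.push_back(2);
  std::cout << buf.poisoned_bytes() << " of 32 bytes poisoned\n";  // prints 24
  // Slot 5 is inside the malloc'd block: plain ASan is silent, the annotations report container-overflow.
  if (argc > 1) std::cout << buf.data()[5] << '\n';
}
```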