address-sanitizer

AddressSanitizer (ASan) is a widely adopted memory error detection tool used extensively during software testing, particularly fuzzing. It helps detect memory corruption bugs that might otherwise go unnoticed, such as buffer overflows, use-after-free errors, and other memory safety violations. ASan is a standard practice in fuzzing due to its effectiveness in identifying memory vulnerabilities. It instruments code at compile time to track memory allocations and accesses, detecting illegal operations at runtime. Apply this technique when: Skip this technique when: Compile and link your code with the -fsanitize=address flag: The -g flag is recommended to get better stack traces when ASan detects errors. Set the ASAN_OPTIONS environment variable to configure ASan behavior: Execute the ASan-instrumented binary. When memory errors are detected, ASan will print detailed reports: ASan requires approximately 20TB of virtual memory. Disable fuzzer memory restrictions: Use Case: Standard fuzzing setup with ASan Before: After: Use Case: Enable ASan for unit test suite Before: After: When ASan detects a memory error, it prints a detailed report including: Example ASan report: ASan can be combined with other sanitizers for comprehensive detection: Linux : Full ASan support with best performance macOS : Limited support, some features may not work Windows : Experimental support, not...