Closed Bug 664901 Opened 9 years ago Closed 6 years ago

Run AddressSanitizer on Firefox

Categories

(Core :: Security, defect)

Other Branch
x86
Linux
defect
Not set


RESOLVED WORKSFORME

People

(Reporter: azakai, Assigned: ehsan)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want, Whiteboard: [sg:want])

AddressSanitizer was recently released by Google,

http://code.google.com/p/address-sanitizer/wiki/AddressSanitizer

It's a memory error detector. Sort of like valgrind, but can detect slightly different stuff, and faster/with less memory. Google have found bugs in Chromium with it.

The procedure is apparently to build with LLVM, then AddressSanitizer rewrites the LLVM code. You then run that normally (not inside a special environment like valgrind).

This bug is to track investigation of the tool, and seeing if we can use it in Firefox.
cc'ing some people I hope will be interested.
Whiteboard: [sg:want]
I've been working on this as a hobby(!), so I might just make it official.
Assignee: nobody → ehsan
Depends on: 665056
No longer depends on: 665056
I've been trying to build Firefox just as Ehsan described in comment 3 because I think it would be very valuable for us to run fuzzers in Firefox with address sanitizer. Unfortunately I did not succeed but I remember that this worked before. It would be good if someone else could try to reproduce the build like Ehsan did it and let me know if it works. If not, then we should quickly work on getting this up and running.
See Also: → 699520
Depends on: 699520, 709483, 709580
See Also: 699520
Depends on: 727445
Depends on: 748727
Depends on: 748739
Depends on: 749588
Depends on: 749768
Depends on: 753135
Depends on: 768405
Depends on: 768406
Depends on: 777421
We've been running Firefox with ASAN for a year or so.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME