bug-gnulib
CHERI vs. address sanitizer


From: Bruno Haible
Subject: CHERI vs. address sanitizer
Date: Sun, 12 Nov 2023 22:57:33 +0100

Two among the bugs uncovered by CHERI (the mcel bug [1] and the xgettext bug
[2]) could be found
  - by CHERI, or
  - by "gcc -fsanitize=address", or
  - by "clang -fsanitize=address",
but not by valgrind.

This raises the question: Should we better use CHERI for general pre-release
testing, or the address sanitizers?

The answer is in [3], page 4, table III: CHERI does not detect use-after-free
and stack-use-after-return bugs ("temporal memory safety").

Because of this, I'll be using address sanitizers, not CHERI, for the next
foreseeable time.

Find a writeup at [4].

Although running a desktop where everything, from the kernel to the web browser,
has CHERI-enabled pointer validation would be cool from the security point of
view. But that's a different goal than searching for bugs in a particular
package...

Bruno

[1] https://lists.gnu.org/archive/html/bug-gnulib/2023-11/msg00034.html
[2] https://lists.gnu.org/archive/html/bug-gnulib/2023-11/msg00109.html
[3] https://www.techrxiv.org/articles/preprint/Towards_a_Hybrid_Approach_to_Protect_Against_Memory_Safety_Vulnerabilities/14680185
[4] https://gitlab.com/ghwiki/gnow-how/-/wikis/Finding_memory_bugs