QEMU-AddressSanitizer


Andrea Fioraldi

Dec 26, 2019, 1:31:55 PM
to address-sanitizer
Hi to all,
I'm open-sourcing my heap-only ASan solution for binaries based on QEMU-user, QEMU-AddressSanitizer.


Nothing special, I was just inspired by the ASan paper that, in the conclusion, states that it is possible to implement ASan with binary translation.
Actually, I link QEMU with a patched ASan DSO without interceptors (I don't want to instrument QEMU itself and have an unneeded slowdown) and instrument accesses with TCG.
Hooks are forwarded via a fake syscall.

It is just for fuzzing; don't expect meaningful stack traces (use malloc_context_size=0 instead). It includes all AFL++ patches.


Ofc contributions are welcome ;)

Regards,
Andrea
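To make the mechanism described above concrete, here is an added example in C that is not part of QEMU-AddressSanitizer, AFL++ or the ASan runtime. It models, in a single process, the shadow-memory bookkeeping that a heap-only ASan needs: a toy bump allocator (`asan_malloc`/`asan_free`, hypothetical names) that surrounds each chunk with poisoned redzones and quarantines freed chunks, and an `asan_check` routine that plays the role of the per-access hook the TCG instrumentation would invoke for every guest load and store. The shadow encoding (one byte per 8-byte granule; 0 = fully addressable, 1..7 = partially addressable, >= 0x80 = poisoned) follows ASan's convention; the arena size, tags and result codes are assumptions for the example. Note the heap-only caveat the post mentions: any address outside the instrumented arena is not tracked and always passes, so stack and global overflows are invisible to this kind of checker.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE (1u << 16)   /* toy heap; size is an assumption */
#define GRAN 8                  /* one shadow byte per 8 heap bytes (ASan convention) */
#define REDZONE 16              /* poisoned padding on each side of a chunk */

/* Shadow tags: 0 = all 8 bytes addressable, 1..7 = only first k bytes
   addressable, >= 0x80 = whole granule poisoned (tag says why). */
enum { SH_REDZONE = 0xfa, SH_FREED = 0xfd };

/* Result codes returned by asan_check(). */
enum { ACC_OK = 0, ACC_REDZONE = 1, ACC_USE_AFTER_FREE = 2 };

static uint8_t arena[ARENA_SIZE] __attribute__((aligned(16)));
static uint8_t shadow[ARENA_SIZE / GRAN];
static size_t bump;             /* bump allocator; freed chunks are never reused */
static int initialised;

static int in_arena(const void *p) {
    const uint8_t *a = p;
    return a >= arena && a < arena + ARENA_SIZE;
}

/* Mark every granule overlapping [off, off+len) with tag. */
static void poison(size_t off, size_t len, uint8_t tag) {
    for (size_t g = off / GRAN; g < (off + len + GRAN - 1) / GRAN; g++)
        shadow[g] = tag;
}

/* Make [off, off+len) addressable: full granules get 0, a partial tail
   granule records how many leading bytes are valid. off must be aligned. */
static void unpoison(size_t off, size_t len) {
    size_t g = off / GRAN;
    for (; len >= GRAN; len -= GRAN) shadow[g++] = 0;
    if (len) shadow[g] = (uint8_t)len;
}

/* Allocate n bytes: [left redzone][user, rounded to 16][right redzone]. */
void *asan_malloc(size_t n) {
    if (!initialised) {         /* never-allocated heap is poisoned too */
        memset(shadow, SH_REDZONE, sizeof shadow);
        initialised = 1;
    }
    size_t user = (n + 15) & ~(size_t)15;
    size_t need = REDZONE + user + REDZONE;
    if (n == 0 || bump + need > ARENA_SIZE) return NULL;
    size_t base = bump;
    bump += need;
    memcpy(arena + base, &n, sizeof n);   /* stash size in the left redzone */
    poison(base, need, SH_REDZONE);       /* redzones + alignment padding */
    unpoison(base + REDZONE, n);          /* only the requested bytes are valid */
    return arena + base + REDZONE;
}

/* Free: poison the user bytes as freed and keep the chunk quarantined. */
void asan_free(void *p) {
    if (!in_arena(p)) return;
    size_t off = (uint8_t *)p - arena;
    size_t n;
    memcpy(&n, arena + off - REDZONE, sizeof n);
    poison(off, n, SH_FREED);
}

/* The per-access hook: is a `size`-byte access at p legal? Addresses outside
   the instrumented heap are not tracked, which is what "heap-only" means. */
int asan_check(const void *p, size_t size) {
    if (!in_arena(p)) return ACC_OK;
    size_t off = (const uint8_t *)p - arena;
    if (off + size > ARENA_SIZE) return ACC_REDZONE;
    for (size_t i = 0; i < size; i++) {
        uint8_t s = shadow[(off + i) / GRAN];
        if (s == 0) continue;
        if (s < GRAN && (off + i) % GRAN < s) continue;   /* partial granule */
        return s == SH_FREED ? ACC_USE_AFTER_FREE : ACC_REDZONE;
    }
    return ACC_OK;
}

int main(void) {
    char *p = asan_malloc(20);
    printf("last valid byte: %d\n", asan_check(p + 19, 1));  /* 0 */
    printf("1-byte overflow: %d\n", asan_check(p + 20, 1));  /* 1 */
    printf("underflow:       %d\n", asan_check(p - 1, 1));   /* 1 */
    asan_free(p);
    printf("use after free:  %d\n", asan_check(p, 4));       /* 2 */
    return 0;
}
```

The partial-granule case (a 20-byte chunk whose last granule holds 4 valid bytes) is where real ASan finds off-by-one heap overflows without needing a full redzone granule, and it is also why an 8-byte access that starts inside the chunk but runs past its end is flagged even though its first bytes are addressable.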