Hi to all,
I'm open-sourcing my heap-only ASan solution for binaries based on QEMU-user, QEMU-AddressSanitizer.
Nothing special, I was just inspired by the ASan paper that, in the conclusion, states that it is possible to implement ASan with binary translation.
Actually, I link QEMU with a patched ASan DSO without interceptors (I don't want to instrument QEMU itself and have an unneeded slowdown) and instrument accesses with TCG.
Hooks are forwarded via a fake syscall.
It is just for fuzzing; don't expect meaningful stack traces (use malloc_context_size=0 instead). It includes all AFL++ patches.
Ofc contributions are welcome ;)
Regards,
Andrea