trailofbits / ruzzy

A coverage-guided fuzzer for pure Ruby code and Ruby C extensions
GNU Affero General Public License v3.0

Consider using __asan_default_options instead of ASAN_OPTIONS #17

Open mschwager opened 7 months ago

mschwager commented 7 months ago

ASan flags can be specified in a number of ways: https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags.

Currently, we use the ASAN_OPTIONS ENV variable in a number of places:

https://github.com/trailofbits/ruzzy/blob/be400457316933d607550580aa68f33e01ce16a3/README.md#L57-L70

https://github.com/trailofbits/ruzzy/blob/be400457316933d607550580aa68f33e01ce16a3/Dockerfile#L23-L26

The downside of this approach is that we require an additional step from users to export this ENV variable. If we use the __asan_default_options function in our source code, then that's one less step. We still need to confirm that ASAN_OPTIONS can overwrite __asan_default_options at runtime in case users need different options.

mschwager commented 7 months ago

This is a bit more challenging than I initially anticipated due to the way Ruzzy is structured. When fuzzing C extensions, there end up being two C extensions: the Ruzzy C extension and the target C extension. The Ruzzy C extension is the one we have the most control over, but I believe __asan_default_options would have to be defined in the target C extension. This certainly isn't impossible, but it's more work than adding __asan_default_options to cruzzy.c.
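An added example (not Ruzzy's code) of what the first comment proposes: a C extension that compiles in its ASan defaults through `__asan_default_options`, plus a small lookup that models the documented precedence, where a key set in `ASAN_OPTIONS` overrides the compiled-in value. The option values and helper names are assumed placeholders, not the flags from Ruzzy's README.

```c
/* Added example, not Ruzzy's code. The ASan runtime calls
 * __asan_default_options() at startup to obtain baked-in defaults; the
 * ASAN_OPTIONS environment variable is parsed afterwards and overrides
 * any key it repeats. The values below are assumed examples only. */
#include <stddef.h>
#include <string.h>

#define EXT_ASAN_DEFAULTS "detect_leaks=0:allocator_may_return_null=1"

/* Compiled-in defaults, so users no longer need to export ASAN_OPTIONS. */
const char *__asan_default_options(void) {
    return EXT_ASAN_DEFAULTS;
}

/* Look up `key` in a colon-separated "k=v:k=v" option string and copy its
 * value into `out`. Returns 1 if found, 0 otherwise. Lets a unit test check
 * the compiled-in defaults without running under ASan. */
int asan_option_lookup(const char *opts, const char *key,
                       char *out, size_t out_len) {
    size_t klen = strlen(key);
    const char *p = opts;
    if (out_len == 0) return 0;
    while (*p) {
        const char *end = strchr(p, ':');
        size_t seg = end ? (size_t)(end - p) : strlen(p);
        if (seg > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = seg - klen - 1;
            if (vlen >= out_len) vlen = out_len - 1;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        if (!end) break;
        p = end + 1;
    }
    return 0;
}

/* Models the runtime's documented precedence: a key present in the
 * ASAN_OPTIONS string (`env_opts`, passed in so this is testable without
 * touching the environment) wins over the compiled-in default. */
int effective_asan_option(const char *env_opts, const char *key,
                          char *out, size_t out_len) {
    if (env_opts && asan_option_lookup(env_opts, key, out, out_len)) return 1;
    return asan_option_lookup(__asan_default_options(), key, out, out_len);
}
```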