DEV Community

Discussion on: Writing safer C with Clang address sanitizer

Collapse
 
tbodt profile image
tbodt

Literally the only problem with asan is that if you pass a pointer to one of your libraries, and that library overruns the buffer, you'll only get a report if the library is also compiled with asan. When I was writing a Python C extension, I compiled my own version of Python with asan enabled, but I was also linking with V8, and V8 really really really wants to be built with a very specific revision of clang. And as I soon found out, you run into some pretty real trouble if you try to run a program with two different versions of asan at the same time.

Collapse
 
loderunner profile image
Charles Francoise

Thanks for the feedback. Good point! I wouldn't go linking two different versions of asan, sounds much too risky.

But even if 3rd party libraries can't output a full report, it's still good to have an early failure, instead of a potentially mind-boggling memory issue later down the road.