
AddressSanitizer

Skill Active

AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.

Purpose

To enable developers to effectively use AddressSanitizer for finding memory corruption bugs in C/C++ code during fuzzing and testing.

Features

  • Detects memory errors like buffer overflows and use-after-free
  • Integrates with C/C++ compilation toolchains (Clang/GCC)
  • Configurable runtime options via environment variables
  • Provides step-by-step integration guides for fuzzers (libFuzzer, AFL++, cargo-fuzz)
  • Includes troubleshooting for common ASan issues

Use cases

  • Fuzzing C/C++ code to find memory safety vulnerabilities
  • Debugging crashes related to memory corruption
  • Enhancing unit test suites with memory error detection
  • Improving the security posture of C/C++ projects

Non-goals

  • Running ASan in production environments, because of its performance overhead
  • Fuzzing purely safe languages without FFI, or fuzzing on platforms with limited ASan support (Windows, macOS)
  • Replacing fundamental fuzzing techniques or harness writing
  • Detecting non-memory-related bugs

Workflow

  1. Compile C/C++ code with AddressSanitizer flags (`-fsanitize=address`)
  2. Configure ASan runtime behavior using `ASAN_OPTIONS` environment variable
  3. Run the instrumented program or fuzzer
  4. Analyze ASan's detailed error reports when memory errors are detected
  5. Adjust fuzzer memory limits if necessary for ASan's virtual memory requirements

Trust

  • Warning (issues need attention): 13 issues opened, 4 closed in the last 90 days, indicating a low closure rate and slow maintainer response.

Installation

Add the marketplace first

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality score

85/100
Analyzed about 16 hours ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0