
AddressSanitizer

Skill Active

AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.

Purpose

To enable developers to effectively use AddressSanitizer for finding memory corruption bugs in C/C++ code during fuzzing and testing.

Features

  • Detects memory errors like buffer overflows and use-after-free
  • Integrates with C/C++ compilation toolchains (Clang/GCC)
  • Configurable runtime options via environment variables
  • Provides step-by-step integration guides for fuzzers (libFuzzer, AFL++, cargo-fuzz)
  • Includes troubleshooting for common ASan issues

Use Cases

  • Fuzzing C/C++ code to find memory safety vulnerabilities
  • Debugging crashes related to memory corruption
  • Enhancing unit test suites with memory error detection
  • Improving the security posture of C/C++ projects

Non-Goals

  • Running ASan in production environments (excluded because of its performance overhead)
  • Fuzzing purely memory-safe languages without FFI, or targeting platforms with limited ASan support (Windows, macOS)
  • Replacing fundamental fuzzing techniques or harness writing
  • Detecting non-memory-related bugs

Workflow

  1. Compile C/C++ code with AddressSanitizer flags (`-fsanitize=address`)
  2. Configure ASan runtime behavior using the `ASAN_OPTIONS` environment variable
  3. Run the instrumented program or fuzzer
  4. Analyze ASan's detailed error reports when memory errors are detected
  5. Adjust fuzzer memory limits if necessary for ASan's virtual memory requirements

Trust

  • Warning (Issues Attention): 13 issues opened, 4 closed in the last 90 days, indicating a low closure rate and slow maintainer response.

Installation

First, add the marketplace:

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality Score

85/100
Analyzed about 13 hours ago

Trust Signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0