Actions
Optimization #7966
open
SZ
PA
Relevance of QA UBSan article
Optimization #7966:
Relevance of QA UBSan article
Effort:
Difficulty:
Label:
Description
I fuzz suricata 7.0.10 and recently I decided to enable some of undefined behavior sanitizers which led to a bunch of errors (mostly integer overflow). So I was looking for similar exsting issues and found QA UBSan article.
This excludes 3 tests from being fatal:
- vptr, because clang errors out otherwise
- unsigned-integer-overflow, because we rely on this in the TCP sequence number tracking.
- unaligned, because this is a minor issue on the platforms we are most used on and there are some open issues
- I don't have any problems with enabling vptr.
- This doesn't look good to me. Any undefined behavior must be properly handled. If wraping value around integer range is desired there's better way to do it.
- UBSan report also doesn't look good to me and so I guess for my regulators too.
This article seems to be very old, so basicly I want to know if this changed or fixed in never versions of suricata or if there a serious reason why it won't be fixed.
VJ Updated by Victor Julien 7 months ago
- Assignee changed from OISF Dev to Philippe Antoine
- Git IDs updated (diff)
PA Updated by Philippe Antoine 7 months ago
- Status changed from New to Assigned
PA Updated by Philippe Antoine 24 days ago
If wraping value around integer range is desired there's better way to do it.
What would be the way to do this ?
unaligned
Seems we want this indeed cf https://github.com/OISF/suricata/pull/15207
PA Updated by Philippe Antoine 24 days ago
- Tracker changed from Security to Optimization
- Severity deleted (
MODERATE) - Affected Versions deleted (
7.0.10)
Actions