Security #7966

open

Relevance of QA UBSan article

Added by Sergey Zhidkih 24 days ago. Updated 6 days ago.

Status: Assigned
Priority: Normal
Target version:
Affected Versions:
Label:
CVE:
Git IDs:
Severity: MODERATE
Disclosure Date:

Description

I fuzz Suricata 7.0.10 and recently I decided to enable some of the undefined behavior sanitizers, which led to a bunch of errors (mostly integer overflow). So I was looking for similar existing issues and found the QA UBSan article.

This excludes 3 tests from being fatal:
  1. vptr, because clang errors out otherwise
  2. unsigned-integer-overflow, because we rely on this in the TCP sequence number tracking.
  3. unaligned, because this is a minor issue on the platforms we are most used on and there are some open issues
  1. I don't have any problems with enabling vptr.
  2. This doesn't look good to me. Any undefined behavior must be properly handled. If wrapping a value around the integer range is desired, there's a better way to do it.
  3. The UBSan report also doesn't look good to me and, I guess, to my regulators too.

This article seems to be very old, so basically I want to know if this has changed or been fixed in newer versions of Suricata, or if there is a serious reason why it won't be fixed.

Sanitizers I use
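The second excluded check concerns arithmetic that is meant to wrap. As an added example (not from this issue, the QA article, or Suricata's code), the C code below makes modulo-2^32 sequence arithmetic explicit with the GCC/clang overflow builtins, so the wrap does not go through the plain `+`/`-` operators that clang's `-fsanitize=unsigned-integer-overflow` instruments. The helper names and sample values are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names; constructed for illustration. */

/* a - b modulo 2^32. The builtin performs the wrap explicitly; the overflow
 * flag it returns is deliberately discarded because wrapping is intended. */
static inline uint32_t seq_diff(uint32_t a, uint32_t b)
{
    uint32_t d;
    (void)__builtin_sub_overflow(a, b, &d);
    return d;
}

/* a + n modulo 2^32, e.g. advancing a sequence number by a payload length. */
static inline uint32_t seq_add(uint32_t a, uint32_t n)
{
    uint32_t s;
    (void)__builtin_add_overflow(a, n, &s);
    return s;
}

/* Serial-number comparison: a is "before" b when the wrapped distance
 * b - a lies in (0, 2^31). A distance of exactly 2^31 is ambiguous and is
 * treated as "not before" here. */
static inline bool seq_lt(uint32_t a, uint32_t b)
{
    uint32_t d = seq_diff(b, a);
    return d != 0 && d < UINT32_C(0x80000000);
}

static inline bool seq_leq(uint32_t a, uint32_t b)
{
    return a == b || seq_lt(a, b);
}

int main(void)
{
    /* Constructed values: a stream whose sequence space wraps past 2^32. */
    uint32_t isn = UINT32_C(0xFFFFFFF0);
    uint32_t next = seq_add(isn, 0x20);
    printf("next=0x%08x lt=%d diff=%u\n", (unsigned)next,
           (int)seq_lt(isn, next), (unsigned)seq_diff(next, isn));
    return 0;
}
```

With the intended wraps isolated in helpers like these, the unsigned-integer-overflow check can stay fatal for the rest of the code base, where a wrap is more likely to be a bug.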

Actions #1

Updated by Victor Julien 8 days ago

  • Assignee changed from OISF Dev to Philippe Antoine
  • Git IDs updated (diff)
Actions #2

Updated by Philippe Antoine 6 days ago

  • Status changed from New to Assigned