Actions
Optimization #7966
open
SZ
PA
Relevance of QA UBSan article
Optimization #7966:
Relevance of QA UBSan article
Effort:
Difficulty:
Label:
Description
I fuzz suricata 7.0.10 and recently I decided to enable some of undefined behavior sanitizers which led to a bunch of errors (mostly integer overflow). So I was looking for similar exsting issues and found QA UBSan article.
This excludes 3 tests from being fatal:
- vptr, because clang errors out otherwise
- unsigned-integer-overflow, because we rely on this in the TCP sequence number tracking.
- unaligned, because this is a minor issue on the platforms we are most used on and there are some open issues
- I don't have any problems with enabling vptr.
- This doesn't look good to me. Any undefined behavior must be properly handled. If wraping value around integer range is desired there's better way to do it.
- UBSan report also doesn't look good to me and so I guess for my regulators too.
This article seems to be very old, so basicly I want to know if this changed or fixed in never versions of suricata or if there a serious reason why it won't be fixed.
VJ Updated by Victor Julien 7 months ago
- Assignee changed from OISF Dev to Philippe Antoine
- Git IDs updated (diff)
PA Updated by Philippe Antoine 7 months ago
- Status changed from New to Assigned
PA Updated by Philippe Antoine 4 days ago
If wraping value around integer range is desired there's better way to do it.
What would be the way to do this ?
unaligned
Seems we want this indeed cf https://github.com/OISF/suricata/pull/15207
PA Updated by Philippe Antoine 4 days ago
- Tracker changed from Security to Optimization
- Severity deleted (
MODERATE) - Affected Versions deleted (
7.0.10)
Actions