UBSan

Notes on using UBSan with Suricata.

Tested with Ubuntu 16.04 and clang 3.8.

The goal is for Suricata to be completely clean under UBSan: no reports at all, on any input.

UndefinedBehaviorSanitizer

http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

Suppressions are supported: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#runtime-suppressions

Compiling Suricata

CC=clang-3.8 CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fsanitize-trap=undefined -fno-omit-frame-pointer" 

For QA, we want all errors to be fatal: -fno-sanitize-recover=undefined makes the first reported error abort the process instead of printing a diagnostic and continuing, so nothing gets lost in a long run.

When debugging, add -fsanitize-trap=undefined, so Suricata traps (SIGILL) at the faulting instruction and dumps core or stops in gdb at the correct position. Note that with the trap flag the UBSan runtime is not called, so no diagnostic text is printed; the location and the reason come from the backtrace.

QA

For QA purposes, the following settings are used for now.

CFLAGS="-O0 -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all \
        -fsanitize=bool,bounds,enum,float-cast-overflow,float-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr \
        -fno-sanitize-recover=bool,bounds,enum,float-cast-overflow,float-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound \
        -fno-omit-frame-pointer" 

Compared to plain -fsanitize=undefined, this leaves out three checks:

  1. vptr is enabled but not made fatal, because clang errors out otherwise (it is a C++-only check anyway, so it never fires on Suricata's C code)
  2. unaligned (clang's alignment check) is not enabled, because misaligned access is a minor issue on the platforms we mostly run on and there are some open issues
  3. unsigned-integer-overflow (an opt-in check, not part of undefined) is not enabled, because the TCP sequence number tracking relies on unsigned wraparound: sequence numbers are compared modulo 2^32, which is well-defined C but is exactly what this check reports
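The following is an added example, not Suricata's own code, showing why the third check has to stay off: TCP sequence arithmetic wraps on purpose. The function names (seq_lt, seq_in_window and so on) are this example's, written in the serial-arithmetic idiom TCP stacks use; the sequence values are constructed around the wrap point. For contrast it also shows a signed add made safe with __builtin_add_overflow, which is the kind of rewrite the (fatal) signed-integer-overflow check pushes you towards.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not Suricata's code. TCP sequence numbers are 32-bit and
 * wrap at 2^32, so "a comes before b" cannot be decided with a plain a < b.
 * The usual trick subtracts the two values (unsigned, wrapping) and looks at
 * the sign of the result as a signed 32-bit number. That wrapping subtraction
 * is well-defined C, but it is precisely what -fsanitize=unsigned-integer-overflow
 * reports, so enabling the check would flood the output with false positives
 * from stream tracking.
 */

/* a comes before b in sequence space. Ambiguous when the two are exactly 2^31
 * apart; real windows are far smaller than that. The cast of an out-of-range
 * unsigned value to int32_t is implementation-defined (modular on gcc and
 * clang), not undefined behaviour, so UBSan has nothing to say about it. */
static inline bool seq_lt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) < 0; }
static inline bool seq_leq(uint32_t a, uint32_t b) { return (int32_t)(a - b) <= 0; }
static inline bool seq_gt(uint32_t a, uint32_t b)  { return (int32_t)(a - b) > 0; }
static inline bool seq_geq(uint32_t a, uint32_t b) { return (int32_t)(a - b) >= 0; }

/* Plain comparison, for contrast: gives the wrong answer across the wrap. */
static inline bool naive_lt(uint32_t a, uint32_t b) { return a < b; }

/* Bytes from 'from' to 'to' in sequence space; also wraps on purpose. */
static inline uint32_t seq_distance(uint32_t from, uint32_t to) { return to - from; }

/* Does segment [seq, seq+len) overlap the window [win_start, win_start+win_size)?
 * Both ends may wrap past 0xffffffff. */
static bool seq_in_window(uint32_t seq, uint32_t len,
                          uint32_t win_start, uint32_t win_size)
{
    uint32_t win_end = win_start + win_size;  /* wrapping add, intended */
    uint32_t seg_end = seq + len;             /* wrapping add, intended */
    if (len == 0)  /* pure ACK or window probe: the point itself must be inside */
        return seq_geq(seq, win_start) && seq_lt(seq, win_end);
    return seq_lt(seq, win_end) && seq_gt(seg_end, win_start);
}

/* Contrast: signed overflow IS undefined behaviour and stays fatal in the QA
 * build. Returns false and leaves *out untouched when a + b does not fit. */
static bool add_i32_checked(int32_t a, int32_t b, int32_t *out)
{
    int32_t r;
    if (__builtin_add_overflow(a, b, &r))
        return false;
    *out = r;
    return true;
}

int main(void)
{
    /* constructed values straddling the 2^32 wrap */
    uint32_t a = 0xfffffff0u, b = 0x10u;
    int32_t sum;

    printf("seq_lt(%#x, %#x)   = %d (correct)\n", (unsigned)a, (unsigned)b, seq_lt(a, b));
    printf("naive_lt(%#x, %#x) = %d (wrong after the wrap)\n", (unsigned)a, (unsigned)b, naive_lt(a, b));
    printf("distance             = %u bytes\n", (unsigned)seq_distance(a, b));
    printf("segment in window    = %d\n", seq_in_window(0xfffffff8u, 16, a, 64));
    printf("INT32_MAX + 1 fits   = %d\n", add_i32_checked(INT32_MAX, 1, &sum));
    return 0;
}
```

Build it once with the QA flags above and once with -fsanitize=unsigned-integer-overflow added: the first run is clean, the second reports every wrapping subtraction and addition in seq_lt and seq_in_window even though the results are correct. That is the trade-off behind leaving the check out.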