ASan flags can be specified in a number of ways: https://github.com/google/sanitizers/wiki/AddressSanitizerFlags#run-time-flags.
Currently, we use the `ASAN_OPTIONS` ENV variable in a number of places:

ruzzy/README.md, lines 57 to 70 in be40045:

````markdown
```bash
export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
```

<details>
<summary>Understanding these options isn't necessary, but if you're curious click here.</summary>

### `ASAN_OPTIONS`

1. Memory allocation failures are common and low impact (DoS), so skip them for now.
1. Like Python, the Ruby interpreter [leaks data](https://github.com/google/atheris/blob/master/native_extension_fuzzing.md#leak-detection), so ignore these for now.
1. Ruby recommends [disabling sigaltstack](https://github.com/ruby/ruby/blob/master/doc/contributing/building_ruby.md#building-with-address-sanitizer).

</details>
````

ruzzy/Dockerfile, lines 23 to 26 in be40045:

```dockerfile
# 1. Skip memory allocation failures for now, they are common, and low impact (DoS)
# 2. The Ruby interpreter leaks data, so ignore these for now
# 3. Ruby recommends disabling sigaltstack: https://github.com/ruby/ruby/blob/master/doc/contributing/building_ruby.md#building-with-address-sanitizer
ENV ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
```

The downside of this approach is that we require an additional step from users to `export` this ENV variable. If we use the `__asan_default_options` function in our source code, then that's one less step. We still need to confirm that `ASAN_OPTIONS` can overwrite `__asan_default_options` at runtime in case users need different options.
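
As an added example (not code from this issue or from Ruzzy): a C definition of the `__asan_default_options` hook carrying the same option string, together with a small model of the precedence the ASan runtime applies, in which `ASAN_OPTIONS` from the environment is parsed after the compiled-in defaults and so wins per option. `DEFAULT_ASAN_OPTIONS`, `last_value` and `effective_option` are hypothetical names, and the model assumes `:`-separated, unquoted entries only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The option string from the page, compiled in as the default. */
#define DEFAULT_ASAN_OPTIONS "allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"

/* Hook the ASan runtime calls during its initialization when the binary is
 * built with -fsanitize=address; without ASan it is an ordinary function. */
__attribute__((no_sanitize_address, used, visibility("default")))
const char *__asan_default_options(void) {
    return DEFAULT_ASAN_OPTIONS;
}

/* Copy the value of the last "key=value" entry for key into out and return
 * it, or return NULL. Assumption: ':' separators and unquoted values only. */
static const char *last_value(const char *opts, const char *key,
                              char *out, size_t outlen) {
    const char *found = NULL;
    size_t klen = strlen(key);
    while (opts && *opts) {
        size_t n = strcspn(opts, ":");              /* length of this entry */
        if (n > klen && strncmp(opts, key, klen) == 0 && opts[klen] == '=') {
            size_t vlen = n - klen - 1;
            if (vlen >= outlen) vlen = outlen - 1;  /* truncate to fit */
            memcpy(out, opts + klen + 1, vlen);
            out[vlen] = '\0';
            found = out;                            /* later entries win */
        }
        opts += n;
        if (*opts == ':') opts++;
    }
    return found;
}

/* Model of the precedence: an entry in ASAN_OPTIONS (env) overrides the
 * compiled-in default; NULL means the runtime's built-in default applies. */
const char *effective_option(const char *env, const char *key,
                             char *out, size_t outlen) {
    const char *v = last_value(env, key, out, outlen);
    return v ? v : last_value(__asan_default_options(), key, out, outlen);
}

int main(void) {
    char buf[64];
    const char *v = effective_option(getenv("ASAN_OPTIONS"), "detect_leaks", buf, sizeof buf);
    printf("detect_leaks=%s\n", v ? v : "(runtime built-in default)");
    return 0;
}
```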