LLVM 3.1 with AddressSanitizer released
The good part:
LLVM 3.1 has been released, and AddressSanitizer is now officially a part of it.
The bad parts:
There are still several issues (= security bugs) with perl-5.16.0 and important modules.
- heap-overflow threaded-only in swash_init - Carp - caller - gv_stashpvn call perl #113060 cx corruption
- DBI use-after-free cpan #75614
- List::Util 1.24 cpan #72700 (be sure to upgrade it from CPAN if you need to use 5.16.0 plain. Fixed in 1.25)
- clone_with_stack heap-use-after-free on PL_curcop perl #111610
My asan talk at YAPC is on the waiting list. If someone is interested I'll do a hallway meeting. parrot is happy to use it.
- B::COP::stashlen was missing from B perl #113034
See my other blog posts about AddressSanitizer: