LLVM 3.1 with AddressSanitizer released

By Reini Urban on

The good part:

LLVM 3.1 has been released, and AddressSanitizer is now officially a part of it.

llvm.org/releases/3.1/docs/ReleaseNotes.html

The bad parts:

There are still several issues (= security bugs) with perl-5.16.0 and important modules.

  • heap-overflow threaded-only in swash_init - Carp - caller - gv_stashpvn call perl #113060 cx corruption
  • DBI use-after-free cpan #75614
  • List::Util 1.24 cpan #72700 (be sure to upgrade it from CPAN if you need to use 5.16.0 plain. Fixed in 1.25)
  • clone_with_stack heap-use-after-free on PL_curcop perl #111610

My asan talk at YAPC is on the waiting list. If someone is interested I'll do a hallway meeting. parrot is happy to use it.

asan unrelated:

See my other blog posts about AddressSanitizer:

  1. adventures-with-clang-and-asan
  2. address-sanitizer-round-2

Tagged as:

,

1 Comment

Author Profile Page Alexandr | May 23, 2012 4:31 PM

Cool, thanks. Wanted to try asan for a while now.

About Reini Urban

user-pic Working at cPanel on cperl, B::C (the perl-compiler), parrot, B::Generate, cygwin perl and more guts, keeping the system alive.

More info »