
For example, I'd like to ignore sqlite and zlib because I know they're well tested. I grabbed the zpipe.c example and built it like this. Keep in mind I'm using -lz and not building zlib myself. I'm only building zpipe myself and want to limit the sanitize to that one file.

clang -g -fsanitize=undefined,memory zpipe.c -lz

I ran `echo Test | ./a.out` and I got the following error:

Uninitialized bytes in __interceptor_fwrite at offset 0 inside [0x7ffd61230bc0, 13)
==50435==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x55767941cd85 in def /tmp/zlib-1.2.12/examples/zpipe.c:70:17
    #1 0x55767941e709 in main /tmp/zlib-1.2.12/examples/zpipe.c:186:15
    #2 0x7f65e834e30f in __libc_start_call_main libc-start.c
    #3 0x7f65e834e3c0 in __libc_start_main@GLIBC_2.2.5 (/usr/lib/libc.so.6+0x2d3c0)
    #4 0x5576793981d4 in _start (/tmp/zlib-1.2.12/examples/a.out+0x211d4)

SUMMARY: MemorySanitizer: use-of-uninitialized-value /tmp/zlib-1.2.12/examples/zpipe.c:70:17 in def

Is there a way I can say assume any data that goes in and out of zlib or sqlite to be safe to use? I'll be linking both and only want to sanitize my own code.

Eric Stotch

1 Answer

You can use an ignore list file. https://clang.llvm.org/docs/SanitizerSpecialCaseList.html

Usage:

clang -fsanitize=address -fsanitize-ignorelist=ignorelist.txt foo.c 

See the documentation for details on the format of the file.

optimus_prime
  • Even if I could get that working, that's not going to work for my use case. I'm going to have many different files call many sqlite functions. I'd rather list the sqlite functions or the linked library. Writing `fun:malloc` doesn't seem to solve it so IDK how to solve linking to zlib or sqlite (also I'll be using memory sanitizer but I'd imagine solution would work the same way) – Eric Stotch Apr 18 '22 at 20:56
  • I was able to get the foo.c example working but switching it to memory and using def for zpipe doesn't work. I'm specifically trying to get memory sanitizer working without rebuilding the source. Which I can do but I don't think I can do it for all the libraries I depend on – Eric Stotch Apr 18 '22 at 21:05
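
A different technique from the ignore list in the answer, shown as an added example that is not part of the original thread: wrap each call into the prebuilt library and use the MSan interface functions `__msan_check_mem_is_initialized` and `__msan_unpoison` at that boundary. `lib_encode` is a constructed stand-in for a call such as zlib's `deflate()`; `encode_checked`, `LIB_READS`, `LIB_WROTE` and `demo` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#ifndef __has_feature
#define __has_feature(x) 0      /* compilers without __has_feature */
#endif
#if __has_feature(memory_sanitizer)
#include <sanitizer/msan_interface.h>
/* Report here if we pass the library bytes we never initialized. */
#define LIB_READS(p, n) __msan_check_mem_is_initialized((p), (n))
/* The library stored n bytes at p; MSan could not see those stores. */
#define LIB_WROTE(p, n) __msan_unpoison((p), (n))
#else
#define LIB_READS(p, n) ((void)(p), (void)(n))  /* no-op without MSan */
#define LIB_WROTE(p, n) ((void)(p), (void)(n))
#endif

/* Constructed stand-in for a function in an uninstrumented library:
 * fills `out` and returns how many bytes it produced. In a real build
 * this body lives in the prebuilt .so and is not compiled with MSan. */
static size_t lib_encode(const unsigned char *in, size_t in_len,
                         unsigned char *out, size_t out_cap)
{
    size_t n = in_len < out_cap ? in_len : out_cap;
    memcpy(out, in, n);
    return n;
}

/* Hypothetical wrapper: the one place your code crosses the boundary. */
size_t encode_checked(const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t out_cap)
{
    LIB_READS(in, in_len);              /* still checks your own input */
    size_t have = lib_encode(in, in_len, out, out_cap);
    /* Unpoison only what was produced, so reads past `have`
     * in your code are still reported. */
    LIB_WROTE(out, have);
    return have;
}

/* Constructed input; `out` is deliberately left uninitialized. */
int demo(void)
{
    unsigned char out[16];
    size_t have = encode_checked((const unsigned char *)"Test\n", 5,
                                 out, sizeof out);
    return have == 5 && memcmp(out, "Test\n", have) == 0;
}
```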