- Subject: Re: Integrating fuzzing by way of OSS-Fuzz
- From: Roberto Ierusalimschy <roberto@...>
- Date: Thu, 19 Nov 2020 12:22:08 -0300
> In this case bugs are defined as the sanitizers integrated into LLVM,
> which essentially revolves around memory corruption bugs.
> [...]
As far as I can remember, the only issue we've had with sanitizers
is float-divide-by-zero, because Lua assumes IEEE behavior (NaN
result). There are other options that complain about standard behavior
used by Lua (e.g., unsigned-integer-overflow, unsigned-shift-base).
Can we assume they will not be used?
Another recent issue we had with some sanitizer (or maybe it was
a static analyzer?) was the read of an uninitialized union. When
we use a tagged union, it is common that some tags don't need any
field in the union. The C standard is somewhat vague about this case
(trap representation vs unions), but it does not make sense to
initialize some arbitrary field only to satisfy a tool.
-- Roberto
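The three idioms the message mentions, as an added illustration (this is not Lua source and not Roberto's code): an IEEE division by zero that yields inf/NaN, unsigned arithmetic that wraps and shifts bits out of an unsigned base, and a tagged union whose payload is never written for tags that carry none. Each is well defined by IEEE 754 or ISO C, yet each is flagged by an optional clang check. The flag names in the comments are clang's; the assumption here is that the plain `-fsanitize=undefined` group does not enable `float-divide-by-zero`, `unsigned-integer-overflow` or `unsigned-shift-base`, so a fuzzing build has to opt in to them explicitly.

```c
#include <math.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not project code. To see the reports, build with clang
 * and the optional checks switched on:
 *   clang -g -fsanitize=undefined,float-divide-by-zero,unsigned-integer-overflow,unsigned-shift-base ex.c
 * To keep UBSan but drop the checks that flag standard behaviour:
 *   clang -g -fsanitize=undefined -fno-sanitize=float-divide-by-zero,unsigned-integer-overflow,unsigned-shift-base ex.c
 * (assumption: these three checks are not part of the default 'undefined' group) */

/* 1. Floating-point division by zero. IEEE 754 defines the result
 *    (1/0 -> inf, 0/0 -> NaN); an interpreter exposing doubles relies on
 *    exactly that. `volatile` stops the compiler from folding the
 *    division at compile time, so the runtime check actually fires. */
double ieee_div(double a, double b) {
    volatile double vb = b;
    return a / vb;
}

/* 2a. Unsigned wraparound: C defines it as reduction mod 2^N, and it is
 *     the normal way to write a string hash. -fsanitize=unsigned-integer-
 *     overflow reports the multiply anyway. (FNV-1a, 32-bit.) */
uint32_t fnv1a_hash(const char *s, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= (unsigned char)s[i];
        h *= 16777619u;          /* wraps on purpose */
    }
    return h;
}

/* 2b. Left shift that discards high bits of an unsigned operand: defined
 *     by C, flagged by -fsanitize=unsigned-shift-base. */
uint32_t rotl32(uint32_t x, unsigned r) {
    return (x << r) | (x >> (32u - r));   /* r in 1..31 */
}

/* 3. Tagged union where some tags have no payload. A value tagged T_NIL
 *    never has its union written; copying the struct copies those
 *    unwritten bytes, which is what an uninitialized-memory checker may
 *    report even though no path reads the payload for that tag. */
typedef enum { T_NIL, T_BOOL, T_NUM } tag_t;
typedef struct {
    union { int b; double n; } u;
    tag_t tt;
} value_t;

value_t make_nil(void) {
    value_t v;
    v.tt = T_NIL;                 /* v.u deliberately left unwritten */
    return v;
}

value_t make_num(double d) {
    value_t v;
    v.u.n = d;
    v.tt = T_NUM;
    return v;
}

/* Every payload access is guarded by the tag, so the unwritten union of
 * a nil value is never read as data. */
int value_truthy(value_t v) {
    switch (v.tt) {
    case T_NIL:  return 0;
    case T_BOOL: return v.u.b != 0;
    case T_NUM:  return 1;
    }
    return 0;
}

int nil_copy_is_sound(void) {
    value_t a = make_nil();
    value_t b = a;                /* struct copy includes the unwritten union */
    return value_truthy(b) == 0 && value_truthy(make_num(0.0)) == 1;
}

int main(void) {
    printf("1/0 = %g, 0/0 is NaN: %d\n", ieee_div(1.0, 0.0), isnan(ieee_div(0.0, 0.0)));
    printf("hash(\"lua\") = %08x, rotl(0x80000001,1) = %u\n",
           fnv1a_hash("lua", 3), rotl32(0x80000001u, 1));
    printf("nil copy sound: %d\n", nil_copy_is_sound());
    return 0;
}
```

Running the unsanitized binary shows the arithmetic is simply the IEEE/C-defined result; the same source under the opt-in checks produces a report at each of the three sites, which is the mismatch between "sanitizer finding" and "bug" that the message is pointing at.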