lua-users home
lua-l archive


Yes, we can disable the use of the undefined behavior sanitizer to avoid
errors like the arithmetic ones. As for the use of an uninitialised union,
I believe we can also discard those, but naturally we can ignore
any bugs if we don't find them relevant. This will not stop the fuzzers
of OSS-Fuzz from looking for more interesting bugs.

The read of uninitialized union I am pretty sure we can also avoid

On 19/11/2020 15:22, Roberto Ierusalimschy wrote:
> In this case bugs are defined as the sanitizers integrated into LLVM,
> which essentially revolves around memory corruption bugs.
> [...]
> As far as I can remember, the only issue we've had with sanitizers
> is float-divide-by-zero, because Lua assumes IEEE behavior (NaN
> result). There are other options that complain about standard behavior
> used by Lua (e.g., unsigned-integer-overflow, unsigned-shift-base).
> Can we assume they will not be used?
>
> Another recent issue we had with some sanitizer (or maybe it was
> a static analyzer?) was the read of an uninitialized union. When
> we use a tagged union, it is common that some tags don't need any
> field in the union. The C standard is somewhat vague about this case
> (trap representation vs unions), but it does not make sense to
> initialize some arbitrary field only to satisfy a tool.
>
> -- Roberto
ADA Logics Ltd is registered in England. No: 11624074.
Registered office: 266 Banbury Road, Post Box 292,
OX2 7DL, Oxford, Oxfordshire , United Kingdom
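
The cases raised in the quoted message (a tagged union whose nil tag has no payload, unsigned wrap-around, and IEEE division by zero), as an added C example that is not part of the original messages or of Lua's source. The `Value` type and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical tagged value for illustration; not Lua's own type. */
typedef enum { T_NIL, T_INT, T_NUM } Tag;
typedef struct {
    union { int64_t i; double n; } u;   /* no member is meaningful for T_NIL */
    Tag tag;
} Value;

/* nil needs no payload, so only the tag is written. */
static void set_nil(Value *v) { v->tag = T_NIL; }
static void set_int(Value *v, int64_t i) { v->u.i = i; v->tag = T_INT; }
static void set_num(Value *v, double n) { v->u.n = n; v->tag = T_NUM; }

/* Whole-struct copy: for a nil source the never-written union bytes are
   copied too, which is the kind of read a tool may report. */
static void copy_value(Value *dst, const Value *src) { *dst = *src; }

/* Equality dispatches on the tag and never interprets a nil payload. */
static int values_equal(const Value *a, const Value *b) {
    if (a->tag != b->tag) return 0;
    switch (a->tag) {
    case T_NIL: return 1;
    case T_INT: return a->u.i == b->u.i;
    default:    return a->u.n == b->u.n;
    }
}

/* Unsigned arithmetic wraps modulo 2^32 by definition in C; the
   unsigned-integer-overflow check reports it although it is not UB. */
static uint32_t wrapping_hash(const char *s) {
    uint32_t h = 2166136261u;           /* FNV-1a, chosen only as sample code */
    for (; *s; s++) h = (h ^ (unsigned char)*s) * 16777619u;
    return h;
}

/* With IEEE 754 doubles 0.0/0.0 yields NaN; float-divide-by-zero flags it. */
static int zero_div_is_nan(void) {
    volatile double zero = 0.0;         /* volatile: keep the division at run time */
    double r = zero / zero;
    return r != r;                      /* only NaN compares unequal to itself */
}

int main(void) {
    Value a, b, c;
    set_nil(&a); copy_value(&b, &a); set_num(&c, 1.5);
    printf("%d %d %u %d\n", values_equal(&a, &b), values_equal(&a, &c),
           (unsigned)wrapping_hash("a"), zero_div_is_nan());
    return 0;
}
```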