AD3040: EnableAddressSanitizerELF¶
Summary¶
| Property | Value |
|---|---|
| ID | AD3040 |
| Name | EnableAddressSanitizerELF |
| Category | Security |
| Severity | Note |
| Applies to | ELF (Linux/Unix) |
Description¶
ELF binaries used for testing should consider enabling AddressSanitizer (ASAN) to detect memory safety issues.
Note: This is an informational rule. ASAN is typically used in testing, not production.
How It Works¶
The rule checks for ASAN symbols:
__asan_*function family- Shadow memory setup
- ASAN runtime library linkage
Why This Matters¶
Memory corruption bugs are the leading cause of security vulnerabilities. ASAN catches them during testing.
What ASAN Detects¶
| Bug Type | Example |
|---|---|
| Heap overflow | malloc(10); buf[20] = x; |
| Stack overflow | char buf[10]; buf[20] = x; |
| Use-after-free | free(p); *p = x; |
| Double-free | free(p); free(p); |
| Memory leaks | (with LeakSanitizer) |
How ASAN Works¶
Shadow memory maps every 8 bytes of program memory to 1 shadow byte
Application memory: [8 bytes] [8 bytes] [8 bytes]
Shadow memory: [1 byte] [1 byte] [1 byte]
Shadow byte values:
0x00 = fully accessible
0x01-0x07 = partially accessible
0xfa = heap redzone
0xfd = freed memory
ASAN Output Example¶
ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000001a
WRITE of size 1 at 0x60200000001a thread T0
#0 main buffer_overflow.c:5
#1 __libc_start_main
0x60200000001a is located 0 bytes after 10-byte region
allocated by thread T0 here:
#0 malloc
#1 main buffer_overflow.c:4
Performance¶
| Metric | Typical |
|---|---|
| CPU | 2x slowdown |
| Memory | 2-3x |
| Acceptable for | Testing, fuzzing |
Resolution¶
Enable ASAN in test builds: