address-sanitizer

Summary

Memory error detection for C/C++ fuzzing via compile-time instrumentation.

  • Detects buffer overflows, use-after-free, double-free, and memory leaks by instrumenting code at compile time with the -fsanitize=address flag
  • Requires approximately 20TB of virtual memory; disable fuzzer memory limits with -rss_limit_mb=0 (libFuzzer) or -m none (AFL++)
  • Introduces 2–4x performance overhead; best suited for testing and fuzzing, not production use
  • Integrates with libFuzzer, AFL++, cargo-fuzz, and honggfuzz; configure via ASAN_OPTIONS environment variable for verbosity, leak detection, and error handling behavior
SKILL.md

AddressSanitizer (ASan)

AddressSanitizer (ASan) is a widely adopted memory error detection tool used extensively during software testing, particularly fuzzing. It helps detect memory corruption bugs that might otherwise go unnoticed, such as buffer overflows, use-after-free errors, and other memory safety violations.

Overview

Running ASan is standard practice in fuzzing because it is effective at identifying memory vulnerabilities. It instruments code at compile time to track memory allocations and accesses, and detects illegal operations at runtime.

Key Concepts

| Concept | Description |
|---------|-------------|
| Instrumentation | ASan adds runtime checks to memory operations during compilation |
| Shadow Memory | Maps 20TB of virtual memory to track allocation state |
| Performance Cost | Approximately 2-4x slowdown compared to non-instrumented code |
| Detection Scope | Finds buffer overflows, use-after-free, double-free, and memory leaks |
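
The instrumentation and shadow-memory concepts above can be seen in a simplified model; this is an added example, not ASan's or this skill's own code. It assumes ASan's encoding of one shadow byte per 8 application bytes; the arena, the `toy_*` helpers, `check_access` and the poison marker values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model: one shadow byte describes 8 application bytes (all names constructed).
   0 = all 8 bytes addressable, k in 1..7 = only the first k bytes, negative = poisoned. */
#define ARENA_SIZE 256
#define REDZONE 16
#define SHADOW_REDZONE (-1) /* constructed marker, not ASan's real poison value */
#define SHADOW_FREED (-2)   /* constructed marker, not ASan's real poison value */
enum { ACCESS_OK = 0, ERR_OVERFLOW = 1, ERR_USE_AFTER_FREE = 2 };
static int8_t shadow[ARENA_SIZE / 8];
static size_t next_off;

static void toy_reset(void) {
    memset(shadow, SHADOW_REDZONE, sizeof shadow); /* poisoned until allocated */
    next_off = 0;
}

/* Returns the arena offset of a block with poisoned redzones on both sides, or -1. */
static long toy_malloc(size_t size) {
    size_t start = next_off + REDZONE, rounded = (size + 7) & ~(size_t)7;
    if (start + rounded + REDZONE > ARENA_SIZE) return -1;
    for (size_t i = 0; i < size / 8; i++) shadow[start / 8 + i] = 0;
    if (size % 8) shadow[start / 8 + size / 8] = (int8_t)(size % 8);
    next_off = start + rounded;
    return (long)start;
}

static void toy_free(size_t off, size_t size) {
    memset(&shadow[off / 8], SHADOW_FREED, (size + 7) / 8); /* poison on free */
}

/* The check instrumentation places before a load/store of n bytes.
   Assumes n <= 8 and a naturally aligned access, so it stays in one granule. */
static int check_access(size_t off, size_t n) {
    if (off + n > ARENA_SIZE) return ERR_OVERFLOW;
    int8_t s = shadow[off / 8];
    if (s == 0 || (s > 0 && off % 8 + n <= (size_t)s)) return ACCESS_OK;
    return s == SHADOW_FREED ? ERR_USE_AFTER_FREE : ERR_OVERFLOW;
}

int main(void) {
    toy_reset();
    size_t p = (size_t)toy_malloc(13);
    printf("last byte: %d, one past end: %d\n", check_access(p + 12, 1), check_access(p + 13, 1));
    toy_free(p, 13);
    printf("after free: %d\n", check_access(p, 1));
    return 0;
}
```

The partial shadow value (5 for the last granule of a 13-byte block) is what lets the check catch an access one byte past the end even though that byte lies in the same 8-byte granule as valid data.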

When to Apply

First seen: Jan 19, 2026