Showing results for 
Search instead for 
Did you mean: 

Is it possible to add asan library to STM32CubeIDE?

Kazimierz Król
Associate III

Hi. I am working on a very large project, and recently I discovered that I probably have a buffer overflow issue (a strange error that disappears after commenting a completely unrelated piece of code).

I tried many things already, but nothing worked. I found out that there is a library called sanitizer, which adds checking to array accesses, so I could find any out-of-bounds writes. It is enabled by adding -fsanitize=address to the compiler options. But when I do that, I get this error:

arm-none-eabi-gcc: fatal error: cannot read spec file 'libsanitizer.spec': No such file or directory

I have read somewhere that this error means the libsanitizer is not installed. Do you know if the library could be made available to the CubeIDE's gcc, and how to do that? I couldn't find anything in the internet.

Or perhaps there are other options for buffer overflow checking/detecting? So far I have tried access attribute, adding length parameters to functions operating on arrays, -Warray-bounds, -Wformat-overflow, -Wstringop-overflow and -fbounds-check (which does not seem to do anything, because the compiled code has the same size with and without it), and using strlcat instead of strcat and similar. Nothing worked.

Uwe Bonnes
Principal II

Consider also to few wait states, instable supply or if you only tested on one board a HW error. If your code is in git, bisect.

Thanks for the suggestions. Hardware error is out of the question. I will try bisect, although I don't think it will help, because I suppose the problematic code has been introduced a long time ago, but became visible only now, because of the recent changes in the code caused the overflowing data to overwrite meaningful data. Before it could land on an unused part of another buffer, or something that wasn't immediately visible. If I rewind a long way back the code may work fine because the bug hasn't been introduced yet, or it has, but the overwritten data was not important.

Uwe Bonnes
Principal II

Is the error random or does it hit the same variable. Consider setting up wawatchpoint on the memory that gets overwritten. Look at e.g. too

Pavel A.
Evangelist III

> I have read somewhere that this error means the libsanitizer is not installed.

No, this error means exactly what it says: the file libsanitizer.spec is not present.

Spec files are text configuration files of gcc, they define various internal parameters.

For the sanitize support, gcc looks for extra spec file, which may pull in some runtime library.

IMHO you can ask how to get the sanitizer support for this toolchain on the ARM forum or stack overflow.

It's more complicated. The error appears as the mbedtls library failing to connect to the server (because of server response timeout). But the server is fine, and it all works when I comment the body of a particular function that isn't even called before the error occurs. I don't actually know what variable gets corrupted, and in what way, but it seems that the corruption is nor random.