
Valgrind can only catch bugs that are exposed while the program is running under it. In most cases (when you have a good test suite), this is sufficient. However, especially in the case of security vulnerabilities, you might have a bug that is only exposed on specific or malformed input that none of your test suites check for. For example, suppose you are parsing input from an untrusted source, and that input has a length-prefixed field. Unless your test suite includes a message whose length prefix is longer than the actual length, Valgrind will not tell you that you will potentially overflow, because you do not do so in any of your tests.
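
The length-prefix case described in the comment above, as an added example in C that is not from the thread: a naive parser that trusts the prefix, a bounds-checked one, and a constructed message whose prefix claims more bytes than were received. The wire format (2-byte big-endian length, then payload), the buffer size and all function names are assumptions made for the illustration. With a truthful prefix both parsers behave identically, which is why a test suite built only from well-formed messages never makes Valgrind complain; the lying message is the case the comment says such suites usually lack.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed wire format for this example: a 2-byte big-endian length prefix
 * followed by that many payload bytes. MAX_PAYLOAD is the receiver's buffer. */
#define MAX_PAYLOAD 64

static size_t read_len(const uint8_t *msg) {
    return ((size_t)msg[0] << 8) | msg[1];
}

/* Naive parser: trusts the prefix. With a truthful prefix (the usual test
 * case) it behaves, so Valgrind reports nothing. A prefix larger than the
 * bytes actually received makes memcpy read past msg, and a prefix larger
 * than MAX_PAYLOAD also writes past out. Only call it on inputs whose
 * prefix is known to be truthful. */
int parse_naive(const uint8_t *msg, size_t msg_len, uint8_t out[MAX_PAYLOAD]) {
    if (msg_len < 2) return -1;
    size_t len = read_len(msg);
    memcpy(out, msg + 2, len);          /* BUG: len is attacker-controlled */
    return (int)len;
}

/* How many bytes parse_naive would read beyond msg for a given input,
 * computed without performing the read, so the bug can be demonstrated
 * without triggering undefined behaviour. 0 means the input is in bounds. */
size_t naive_overread(const uint8_t *msg, size_t msg_len) {
    if (msg_len < 2) return 0;
    size_t len = read_len(msg);
    size_t avail = msg_len - 2;
    return len > avail ? len - avail : 0;
}

/* Hardened parser: checks the prefix against both what was received and
 * the destination buffer before copying. Returns payload length or -1. */
int parse_checked(const uint8_t *msg, size_t msg_len, uint8_t out[MAX_PAYLOAD]) {
    if (msg_len < 2) return -1;
    size_t len = read_len(msg);
    if (len > msg_len - 2) return -1;   /* prefix claims more than we have */
    if (len > MAX_PAYLOAD) return -1;   /* would overflow out */
    memcpy(out, msg + 2, len);
    return (int)len;
}

/* Constructed sample messages, not from any real protocol. */
static const uint8_t GOOD[]  = { 0x00, 0x04, 'p', 'i', 'n', 'g' };  /* prefix 4, 4 bytes present */
static const uint8_t LYING[] = { 0x00, 0xFF, 'p', 'i', 'n', 'g' };  /* prefix 255, 4 bytes present */

int main(void) {
    uint8_t buf[MAX_PAYLOAD];
    printf("good:  naive=%d checked=%d\n",
           parse_naive(GOOD, sizeof GOOD, buf),
           parse_checked(GOOD, sizeof GOOD, buf));
    printf("lying: naive would read %zu bytes past the message; checked=%d\n",
           naive_overread(LYING, sizeof LYING),
           parse_checked(LYING, sizeof LYING, buf));
    return 0;
}
```

Running only the GOOD message under Valgrind produces no report for either parser; the LYING message is what makes the naive version read 251 bytes past the end of the buffer, and it is rejected by the checked version before any copy happens.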


I understood all that; that's why I mentioned -fsanitize.


Which only works in two C compilers that aren't available on all OSes out there.



