[tor-bugs] #10599 [Tor bundles/installation]: Investigate building TBB with SoftBound or AddressSanitizer

[Tor Bug Tracker & Wiki]

#10599: Investigate building TBB with SoftBound or AddressSanitizer
------------------------------------------+--------------------------------
     Reporter:  mikeperry                 |      Owner:  erinn
         Type:  enhancement               |     Status:  new
     Priority:  major                     |  Milestone:
    Component:  Tor bundles/installation  |    Version:
   Resolution:                            |   Keywords:  gitian, tbb-
Actual Points:                            |  security
       Points:                            |  Parent ID:
------------------------------------------+--------------------------------

Comment (by gk):

 Okay. It turned out that my analysis was not correct. The crash in comment
 11 happens only for i386 builds for reasons yet to be investigated. 64 bit
 builds are not affected. I uploaded a bundle to
 https://people.torproject.org/~gk/testbuilds/asan/20140521/
 Doing a
 {{{
 export ASAN_OPTIONS=alloc_dealloc_mismatch=0
 }}}
 might help while testing. Corresponding to the build is the branch
 hardening_asan_linux_x86-64 branch in my public tor-browser-bundle repo
 that I basically used to create the test bundle. Two things are needed to
 somewhat reproduce my work:

 1) The standard Gitian VM is not big enough. One has to raise the value of
 the --rootsize flag in gitian-builder's make-base-vm script.
 2) One needs the custom .mozconfig-asan file which is attached (It seems I
 cant't easily upload files starting with a ".". Thus, I renamed it to
 "mozconfig". But the build scripts in hardening_asan_linux_x86-64 like to
 have a .mozconfig-asan). Mike: could you add that one (as .mozconfig-asan)
 to the tor-browser repo?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10599#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online