Master the fundamental concepts of binary exploitation through this focused micro-challenge.
AddressSanitizer is a fast memory error detector for C/C++ built into GCC and Clang. It instruments memory accesses at compile time to catch buffer overflows, use-after-free, and other memory bugs with roughly 2x slowdown (much faster than Valgrind).
ASan adds redzones (poisoned memory) around every allocation and maintains a shadow memory map:
Compile with:
cLoading…
ASan detects stack-buffer-overflow, heap-buffer-overflow, use-after-free, and global-buffer-overflow with detailed stack traces showing the exact source line.
You will write a program with intentional memory bugs and document what ASan output looks like for each type. Running tests under ASan in CI catches regressions that unit tests miss, which is why OSS-Fuzz relies on it across hundreds of open-source projects.
Combine -fsanitize=address with -g for source-line stack traces. Set ASAN_OPTIONS=detect_leaks=1 to catch memory leaks alongside overflow detection. ASan adds roughly 2x runtime overhead, making it practical for test suites but not production deployment. Pair ASan with fuzzing (libFuzzer, AFL) to find bugs that only trigger on specific inputs. MSan covers uninitialized reads that ASan misses.
Implement a C program with intentional memory bugs.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github