> The UndefinedBehaviorSanitizer's (UBSan) signed and unsigned integer overflow sanitization was first utilized when hardening the media stack ... we've expanded usage of these sanitizers in the media framework with each release.
It's a great step but for anyone else looking to capitalize on UBSan make sure you couple it with fuzzing or some other testing strategy that will go beyond just coverage. UBSan won't find latent code that overflows if you don't give it inputs that actually cause overflows.
If this is deployed in release builds — in production — then it is effective in mitigating anything which isn't covered in fuzzing. Your application/process gets terminated, which is perfectly acceptable behavior.
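The two points above (UBSan only reports an overflow on an input that actually overflows, and in a release build that report terminates the process) can be seen with a small length computation of the kind media parsers do. This is an added example, not code from the thread or from Android's media framework; the `sample_header` layout and the two constructed inputs are assumptions, and the build line in the comment is the standard clang sanitizer invocation.

```c
// Added example (not from the thread): a length computation of the kind found in
// media parsers, alongside a checked version. To see the unchecked path abort on
// the wrapping input, build with the sanitizer in non-recovering mode, e.g.:
//   clang -O1 -fsanitize=signed-integer-overflow,unsigned-integer-overflow \
//         -fno-sanitize-recover=all overflow_demo.c -o overflow_demo
// Built without the sanitizer, the same path silently returns a tiny size.
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

// Hypothetical header as a parser would read it from an untrusted file:
// both fields are attacker-controlled.
struct sample_header {
    uint32_t record_count;
    uint32_t record_size;
};

// Unchecked: count * size + header bytes in 32-bit unsigned arithmetic.
// A product above 2^32 wraps; only an overflowing input makes the sanitizer fire,
// which is why fuzzing (or other input generation) is needed to exercise it.
static uint32_t total_size_unchecked(const struct sample_header *h) {
    return h->record_count * h->record_size + (uint32_t)sizeof(struct sample_header);
}

// Checked: the compiler's overflow-detecting builtins reject the input in every
// build, not only in sanitized ones. Returns false if any step would wrap.
static bool total_size_checked(const struct sample_header *h, uint32_t *out) {
    uint32_t payload;
    if (__builtin_mul_overflow(h->record_count, h->record_size, &payload))
        return false;
    if (__builtin_add_overflow(payload, (uint32_t)sizeof(struct sample_header), out))
        return false;
    return true;
}

// Convenience wrapper: the computed size, or -1 when the header is rejected.
static int64_t parse_total_size(const struct sample_header *h) {
    uint32_t total;
    return total_size_checked(h, &total) ? (int64_t)total : -1;
}

// Constructed inputs: a benign header and one whose product exceeds 2^32.
static const struct sample_header benign   = { .record_count = 100,     .record_size = 1024 };
static const struct sample_header wrapping = { .record_count = 0x10000, .record_size = 0x10001 };

int main(void) {
    printf("benign   checked=%lld unchecked=%u\n",
           (long long)parse_total_size(&benign), total_size_unchecked(&benign));
    // Under UBSan with -fno-sanitize-recover the next call aborts the process;
    // without it the multiply wraps to 0x10000 and a far-too-small size results.
    printf("wrapping checked=%lld unchecked=%u\n",
           (long long)parse_total_size(&wrapping), total_size_unchecked(&wrapping));
    return 0;
}
```

Run it once with and once without the sanitizer flags: the checked path rejects the wrapping header in both builds, while the unchecked path either aborts (sanitized) or returns 65544 (unsanitized), which is the silent wrap a fuzzer has to be able to reach for UBSan to be useful.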
Yup, defense-in-depth requires broad (coverage) and deep (overlapping) holistic solutions. There are too many defenses on too many platforms to enumerate comprehensively, but they're discoverable.
As I see it, the main 'security' problems faced by Android are caused by lack of control and transparency for the user.
Until security threats created by the blinkered users - and by the lack of timely updates - are made obvious to them, such 'mitigations' are weak tea indeed.