CMASan: Custom Memory Allocator-aware Address Sanitizer
Junwha Hong, Wonil Jang, Mijung Kim, Lei Yu, Yonghwi Kwon, Yuseok Jeon
IEEE Symposium on Security and Privacy 2025 · Day 1 · Memory Safety
In the realm of software security, memory safety bugs remain a persistent and critical threat. Tools like **AddressSanitizer (ASan)** have become indispensable for detecting common memory errors such as buffer overflows, use-after-free (UAF), and double-free vulnerabilities. However, ASan's effectiveness is predicated on its ability to intercept and replace standard memory allocation functions like `malloc` and `free`. This talk, presented by Junwha Hong from Unist, along with collaborators from Rula Poly Techch Institute and the University of Maryland, unveils a significant blind spot in ASan's coverage: **Custom Memory Allocators (CMAs)**.