ASan: Allow for programmatically retrieving report information #155406

@mlippautz

Description

The V8 JavaScript VM in Chrome uses a software-based sandbox these days that is also properly fuzzed with sanitizers.

The idea of the sandbox is to accept the fact that corruptions happen but are well contained within a sandbox due to only relying on certain primitives.

The fuzzer is working well for some cases where we can check the fault address via __asan_report_present() and __asan_get_report_address(). There's still a bunch of cases though where there's no detailed information available on the report itself.

E.g., for "memcpy-param-overlap" we'd like to get hold of the overlapping ranges. From what we can tell they are not present on any of the asan or sanitizer accessors. They are also not available on the report that is available via hooking __asan_set_error_report_callback().

The only way would seem to directly intercept stdout for the printed message which is not a great setup.
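Added example, not code from the issue, from V8 or from compiler-rt: the only structured data ASan exposes for an overlap report is what `__asan_get_report_*` returns, so the ranges have to be recovered from the report text. This block registers an `__asan_set_error_report_callback()` hook (the callback receives the null-terminated report text) and parses the `memory ranges [a,b) and [c,d) overlap` line from it, which is precisely the fragile text-scraping workaround the issue argues against. The sample report below is constructed in compiler-rt's output format and is not real fuzzer output; the sanitizer calls are compiled only when the translation unit is built with `-fsanitize=address`, so the parser itself runs in a plain build.

```c
// Added example: recover the overlapping ranges of a "*-param-overlap" ASan
// report by parsing the report text handed to the error-report callback.
// Assumed report format (compiler-rt asan_errors.cpp):
//   "ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges
//    [0x..,0x..) and [0x.., 0x..) overlap"
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __has_feature
#define __has_feature(x) 0
#endif
#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#define HAVE_ASAN 1
#else
#define HAVE_ASAN 0   /* plain build: only the text parser is exercised */
#endif

struct range { uintptr_t begin, end; };

/* Last overlap parsed by the callback, for the fuzz harness to inspect. */
static struct range g_overlap[2];
static int g_overlap_valid;

/* Skip '[', ',' and spaces, then parse one hex pointer; NULL on failure. */
static const char *take_ptr(const char *p, uintptr_t *out) {
    while (*p == ' ' || *p == ',' || *p == '[') p++;
    char *end;
    unsigned long long v = strtoull(p, &end, 16);   /* accepts the 0x prefix */
    if (end == p) return NULL;
    *out = (uintptr_t)v;
    return end;
}

/* Extract [a,b) and [c,d) from an overlap report into out[0] and out[1].
   Returns 1 on success, 0 if this is not an overlap report, the ranges are
   malformed, or they do not actually overlap (a corrupted report line). */
int parse_overlap_ranges(const char *report, struct range out[2]) {
    const char *p = strstr(report, "-param-overlap: memory ranges");
    if (!p) return 0;
    p = strchr(p, '[');
    if (!p) return 0;
    uintptr_t v[4];
    for (int i = 0; i < 4; i++) {
        p = take_ptr(p, &v[i]);
        if (!p) return 0;
        if (i == 1) {               /* text between ranges reads ") and [" */
            p = strchr(p, '[');
            if (!p) return 0;
        }
    }
    out[0].begin = v[0]; out[0].end = v[1];
    out[1].begin = v[2]; out[1].end = v[3];
    if (out[0].end <= out[0].begin || out[1].end <= out[1].begin) return 0;
    if (out[0].end <= out[1].begin || out[1].end <= out[0].begin) return 0;
    return 1;
}

/* ASan calls this with the full report text right before it dies; it is the
   only hook that sees details which have no __asan_get_report_* accessor. */
void on_asan_report(const char *report) {
    g_overlap_valid = parse_overlap_ranges(report, g_overlap);
}

/* Returns 1 if the hook was installed, 0 when not built with ASan. */
int install_asan_hook(void) {
#if HAVE_ASAN
    __asan_set_error_report_callback(on_asan_report);
    return 1;
#else
    return 0;
#endif
}

/* Fault address for report kinds that carry one; 0 when there is no report. */
uintptr_t current_fault_address(void) {
#if HAVE_ASAN
    if (__asan_report_present()) return (uintptr_t)__asan_get_report_address();
#endif
    return 0;
}

/* Constructed sample in compiler-rt's format; not real sanitizer output. */
static const char SAMPLE_REPORT[] =
    "==4242==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges "
    "[0x602000000010,0x602000000030) and [0x602000000020, 0x602000000040) overlap\n"
    "    #0 0x4c12f7 in __asan_memcpy\n";

int main(void) {
    struct range r[2];
    if (!parse_overlap_ranges(SAMPLE_REPORT, r)) return 1;
    printf("range1 [0x%" PRIxPTR ",0x%" PRIxPTR ") range2 [0x%" PRIxPTR ",0x%" PRIxPTR ")\n",
           r[0].begin, r[0].end, r[1].begin, r[1].end);
    install_asan_hook();   /* in a real fuzz target, do this once at startup */
    return 0;
}
```

In a fuzz target built with `-fsanitize=address`, call `install_asan_hook()` at startup and read `g_overlap` from whatever runs after the callback (an `atexit` handler or the harness's crash-classification code); the parser deliberately rejects lines whose ranges do not overlap, since a mis-parsed or truncated report should not be classified as a contained overlap.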
