I know rust can trigger some false positives with address sanitizer. In fuzzing a crate I got some real findings but also got ThreadSanitizer to trigger on some inputs. Does anyone have experience with if I can trust it with rust? I haven't had it trigger before
With thread sanitizer false positives are highly likely if you have uninstrumented code that uses atomics, custom asm for synchronization, or atomic fences. Otherwise you should be fine.
ASAN sometimes triggers false positives on this C++ oriented check, which is quite easy to disable: https://github.com/google/sanitizers/wiki/AddressSanitizerOneDefinitionRuleViolation
Here's the workaround in action: https://github.com/image-rs/image-png/blob/edcf8b07a355159fe69248aeb757cc48f212cf41/png-afl/src/main.rs#L6