http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59148
--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> --- Well, -D_FORTIFY_SOURCE=2 does things that asan doesn't and can't do, so disabling fortification if you build with -fsanitize=address sounds like a very bad idea to me. IMHO libasan should intercept also the __*_chk calls, test + branch to __chk_fail if they should fail, otherwise fall through to the intercepted original function. For *printf* family __printf_chk etc. also fail on %n if it isn't in read-only string literal.