From 8976715804dcbd91c399644d0bf02aba482cb1b3 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 20 May 2020 11:33:12 +0200 Subject: [PATCH 1/2] build-system: build the fuzz targets with both ASan and UBSan Just a follow-up to https://github.com/systemd/systemd/pull/15860 --- meson.build | 2 ++ test/fuzz/meson.build | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/meson.build b/meson.build index f485616d10..20cb2b88a2 100644 --- a/meson.build +++ b/meson.build @@ -3368,6 +3368,8 @@ foreach tuple : sanitizers if want_tests != 'false' and slow_tests test('@0@:@1@:@2@'.format(b, c, sanitizer), env, + env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'], + timeout : 60, args : [exe.full_path(), join_paths(project_source_root, p)]) endif diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build index c514f57fe3..7d61e270fd 100644 --- a/test/fuzz/meson.build +++ b/test/fuzz/meson.build @@ -1,17 +1,17 @@ # SPDX-License-Identifier: LGPL-2.1+ -sanitize_address = custom_target( - 'sanitize-address-fuzzers', - output : 'sanitize-address-fuzzers', +sanitize_address_undefined = custom_target( + 'sanitize-address-undefined-fuzzers', + output : 'sanitize-address-undefined-fuzzers', command : [meson_build_sh, project_source_root, '@OUTPUT@', 'fuzzers', - '-Db_lundef=false -Db_sanitize=address', + '-Db_lundef=false -Db_sanitize=address,undefined', ' '.join(cc.cmd_array()), cxx_cmd]) -sanitizers = [['address', sanitize_address]] +sanitizers = [['address,undefined', sanitize_address_undefined]] if git.found() out = run_command( From 157dcb8de3326289b07109c7181b9282c93a6049 Mon Sep 17 00:00:00 2001 From: Evgeny Vereshchagin Date: Wed, 20 May 2020 16:05:32 +0200 Subject: [PATCH 2/2] fuzzit: turn on the pointer-overflow check Now that https://github.com/systemd/systemd/issues/15583 is gone, it should be safe to turn it on. --- travis-ci/managers/fuzzit.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/travis-ci/managers/fuzzit.sh b/travis-ci/managers/fuzzit.sh index a4bb5b143f..ca7fa6aab0 100755 --- a/travis-ci/managers/fuzzit.sh +++ b/travis-ci/managers/fuzzit.sh @@ -22,11 +22,10 @@ cd $REPO_ROOT export PATH="$HOME/.local/bin/:$PATH" # We use a subset of https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#available-checks instead of "undefined" -# because our fuzzers crash with "pointer-overflow" and "float-cast-overflow": -# https://github.com/systemd/systemd/pull/12771#issuecomment-502139157 +# because our fuzzers crash with "float-cast-overflow": # https://github.com/systemd/systemd/pull/12812#issuecomment-502780455 # TODO: figure out what to do about unsigned-integer-overflow: https://github.com/google/oss-fuzz/issues/910 -export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr" +export SANITIZER="address -fsanitize=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,pointer-overflow,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,unsigned-integer-overflow,vla-bound,vptr -fno-sanitize-recover=alignment,array-bounds,bool,bounds,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,nonnull-attribute,null,object-size,pointer-overflow,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr" tools/oss-fuzz.sh FUZZING_TYPE=${1:-regression}