@@ -254,7 +254,7 @@ jobs:
- name: autoconf
run: autoreconf -fvi
- name: configure
- run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
+ run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
- name: make all
run: make -j3
- name: make check
@@ -269,8 +269,8 @@ jobs:
os: [macos-11, macos-12]
include:
- build: asan
- cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
- ldflags: -fsanitize=address
+ cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
+ ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all
# Our build system ignores LDFLAGS for plugins
configureflags: --disable-plugin-auth-pam --disable-plugin-down-root
- build: normal
@@ -390,8 +390,8 @@ jobs:
configureflags: ["--with-openssl-engine=no"]
include:
- build: asan
- cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
- ldflags: -fsanitize=address
+ cflags: "-fsanitize=address -fno-sanitize-recover=all -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
+ ldflags: -fsanitize=address -fno-sanitize-recover=all
cc: clang
- build: normal
cflags: "-O2 -g"
The -fno-sanitize-recover=all flag ensures that for all errors we actually abort the tests in the automated testing and not just print some errors in red that nobody sess. Also add the undefined tests to catch more bugs. For libreSSL we do not add the udefined behaviour as we have (even with the latest LibreSSL version) an undefined behaviour in LibreSSL itself. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- .github/workflows/build.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)