[Openvpn-devel] Add undefined and abort on error to clang sanaitize builds

Message ID 20231022105756.21080-1-gert@greenie.muc.de
State Accepted
Headers show
Series [Openvpn-devel] Add undefined and abort on error to clang sanaitize builds | expand

Commit Message

Gert Doering Oct. 22, 2023, 10:57 a.m. UTC
From: Arne Schwabe <arne@rfc2549.org>

The -fno-sanitize-recover=all flag ensures that for all errors we actually
abort the tests in the automated testing and not just print some errors in red
that nobody sess. Also add the undefined tests to catch more bugs.

For libreSSL we do not add the udefined behaviour as we have (even with the
latest LibreSSL version) an undefined behaviour in LibreSSL itself.

Change-Id: I204b396dea9f22d68e8e091d181a85ffebde4c17
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/375
This mail reflects revision 1 of this Change.
Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering Oct. 22, 2023, 11:03 a.m. UTC | #1
Your patch has been applied to the master branch.

commit 44d5cd038cb5b62dafc4aa784cfa2ccb7d670df7 (master)
Author: Arne Schwabe
Date:   Sun Oct 22 12:57:56 2023 +0200

     Add undefined and abort on error to clang sanitize builds

     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20231022105756.21080-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27278.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
Gert Doering Oct. 22, 2023, 12:43 p.m. UTC | #2
Hi,

On Sun, Oct 22, 2023 at 01:03:17PM +0200, Gert Doering wrote:
> Your patch has been applied to the master branch.
> 
> commit 44d5cd038cb5b62dafc4aa784cfa2ccb7d670df7 (master)

... and github actions is a bit unappy about the result... seems we
are missing a cleanup patch...

2023-10-22 11:44:03 UDPv6 link remote: [AF_INET6]::1:16000
    #0 0x10a27354b in get_default_gateway route.c:3675
    #1 0x10a2d5503 in warn_on_use_of_common_subnets tun.c:656
    #2 0x10a19ed6e in do_option_warnings init.c:3640
    #3 0x10a19ca44 in init_instance init.c:4514
    #4 0x10a19c605 in init_instance_handle_signals init.c:4411
    #5 0x10a1fd1ab in tunnel_point_to_point openvpn.c:65
    #6 0x10a1fcd57 in openvpn_main openvpn.c:312
    #7 0x10a1fc888 in main openvpn.c:393
    #8 0x7fff20477f3c in start+0x0 (libdyld.dylib:x86_64+0x15f3c)

... and I know which one that is - blame is on me, will take care of it.

gert

Patch

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 58fbc29..2a25582 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -186,7 +186,7 @@ 
       - name: autoconf
         run: autoreconf -fvi
       - name: configure
-        run: CFLAGS="-fsanitize=address -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
+        run: CFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=all  -fno-omit-frame-pointer -O2" CC=clang ./configure --with-crypto-library=${{matrix.ssllib}}
       - name: make all
         run: make -j3
       - name: make check
@@ -201,8 +201,8 @@ 
         os: [macos-11, macos-12, macos-13]
         include:
           - build: asan
-            cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
-            ldflags: -fsanitize=address
+            cflags: "-fsanitize=address,undefined -fno-sanitize-recover=all  -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
+            ldflags: -fsanitize=address,undefined -fno-sanitize-recover=all 
             # Our build system ignores LDFLAGS for plugins
             configureflags: --disable-plugin-auth-pam  --disable-plugin-down-root
           - build: normal
@@ -300,8 +300,8 @@ 
         configureflags: ["--with-openssl-engine=no"]
         include:
           - build: asan
-            cflags: "-fsanitize=address -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
-            ldflags: -fsanitize=address
+            cflags: "-fsanitize=address -fno-sanitize-recover=all  -fno-optimize-sibling-calls -fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
+            ldflags: -fsanitize=address -fno-sanitize-recover=all
             cc: clang
           - build: normal
             cflags: "-O2 -g"