CI: Add test with -fsanitize=address,undefined.

ci_build.sh was updated to accept disabling of __attribute__ ifunc and CLMUL. This will allow -fsanitize=address to pass because ifunc is incompatible with -fsanitize=address. The CLMUL implementation has optimizations that potentially read past the buffer and mask out the unwanted bytes. This test will only run on Autotools Linux.
2023-06-28 21:01:22 +08:00 · 2023-06-28 21:01:22 +08:00 · 45e250a9e9
parent 596ee722cd
commit 45e250a9e9
2 changed files with 26 additions and 5 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -65,10 +65,10 @@ jobs:
      # -p specifies the phase (build or test) to help narrow down an error
      #    if one occurs.
      #
-      # Start with the 32-bit build because the autoconf cache must be reset
-      # after the build because the 32-bit build sets the CFLAGS env variable.
-      # By starting with the 32-bit build, we only have to clear the
-      # cache once. The 32-bit build is only tested on Autotools Linux.
+      # The first two builds/tests are only run on Autotools Linux and
+      # affect the CFLAGS. Resetting the CFLAGS requires clearing the
+      # config cache between runs, so the tests that require CFLAGS are
+      # done first.
      - name: Build 32-bit
        if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
        run: ./build-aux/ci_build.sh -b autotools -p build -f "-m32"
@ -78,6 +78,21 @@ jobs:
            ./build-aux/ci_build.sh -b autotools -p test -f "-m32" -n 32_bit
            cd ../xz_build && make distclean

+      # ifunc and clmul must be disabled for this test because they will
+      # fail with -fsanitize=address. __attribute__ ifunc is incompatible
+      # with -fsanitize=address.CLMUL optimizations will read past the
+      # bounds of small buffers and mask out the unneeded values. This
+      # triggers -fsanitize=address to report an error even though the
+      # operation is safe.
+      - name: Build with -fsanitize=address,undefined
+        if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
+        run: ./build-aux/ci_build.sh -b autotools -p build -f "-fsanitize=address,undefined" -d ifunc,clmul
+      - name: Test with -fsanitize=address,undefined
+        if: ${{ matrix.os == 'ubuntu-latest' && matrix.build_system == 'autotools' }}
+        run: |
+            ./build-aux/ci_build.sh -b autotools -p test -f "-fsanitize=address,undefined" -d ifunc,clmul
+            cd ../xz_build && make distclean
+
      - name: Build with full features
        run: ./build-aux/ci_build.sh -b ${{ matrix.build_system }} -p build
      - name: Test with full features
--- a/build-aux/ci_build.sh
+++ b/build-aux/ci_build.sh
@ -19,7 +19,7 @@ set -e
 USAGE="Usage: $0
  -b [autotools|cmake]
  -c [crc32|crc64|sha256]
-  -d [encoders|decoders|bcj|delta|threads|shared|nls|small]
+  -d [encoders|decoders|bcj|delta|threads|shared|nls|small|ifunc|clmul]
  -f [CFLAGS]
  -l [destdir]
  -n [ARTIFACTS_DIR_NAME]
@ -40,6 +40,8 @@ THREADS="y"
 SHARED="y"
 NATIVE_LANG_SUPPORT="y"
 SMALL="n"
+IFUNC="y"
+CLMUL="y"
 SRC_DIR="$ABS_DIR/../"
 DEST_DIR="$SRC_DIR/../xz_build"
 PHASE="all"
@ -80,6 +82,8 @@ while getopts b:c:d:l:n:s:p:f:h opt; do
 		shared) SHARED="n";;
 		nls) NATIVE_LANG_SUPPORT="n";;
 		small) SMALL="y";;
+		ifunc) IFUNC="n";;
+		clmul) CLMUL="n";;
 		*) echo "Invalid disable value: $disable_arg"; exit 1 ;;
 		esac
 	done
@ -197,6 +201,8 @@ then
 		add_extra_option "$SHARED" "" "--disable-shared"
 		add_extra_option "$NATIVE_LANG_SUPPORT" "" "--disable-nls"
 		add_extra_option "$SMALL" "--enable-small" ""
+		add_extra_option "$IFUNC" "" "--disable-ifunc"
+		add_extra_option "$CLMUL" "" "--disable-clmul-crc"

 		# Run configure script
 		"$SRC_DIR"/configure --enable-werror --enable-checks="$CHECK_TYPE" $EXTRA_OPTIONS --config-cache