diff options
| author | Darren Tucker <dtucker@dtucker.net> | 2022-07-03 21:46:44 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2022-07-03 22:53:44 +1000 |
| commit | 7394ed80c4de8b228a43c8956cf2fa1b9c6b2622 (patch) | |
| tree | 3757cd61549a53f8ce601b23a723b25046a1b547 /.github/configs | |
| parent | bfce0e66b6017a9bfab450b9dc7d4b16f90de817 (diff) | |
Add clang sanitizer tests.
Diffstat (limited to '.github/configs')
| -rwxr-xr-x | .github/configs | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/.github/configs b/.github/configs index 871a3d41..d0ed7395 100755 --- a/.github/configs +++ b/.github/configs @@ -17,6 +17,7 @@ SUDO=sudo # run with sudo by default TEST_SSH_UNSAFE_PERMISSIONS=1 # Stop on first test failure to minimize logs TEST_SSH_FAIL_FATAL=yes +unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO CONFIGFLAGS="" LIBCRYPTOFLAGS="" @@ -41,6 +42,48 @@ case "$config" in CFLAGS="-Wall -Wextra -O2 -Wno-error=implicit-fallthrough -Wno-error=unused-parameter" CONFIGFLAGS="--with-pam --with-Werror" ;; + clang-sanitize-*) + # - We replace chroot with chdir so that the sanitizer in the preauth + # privsep process can read /proc. + # - clang does not recognizes explicit_bzero so we use bzero + # (see https://github.com/google/sanitizers/issues/1507 + # - openssl and zlib trip ASAN. + # - sp_pwdp returned by getspnam trips ASAN, hence disabling shadow. + case "$config" in + clang-sanitize-address) + CFLAGS="-fsanitize=address -fno-omit-frame-pointer" + LDFLAGS="-fsanitize=address" + CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DASAN_OPTIONS=\"detect_leaks=0:log_path=/tmp/asan.log\"' + CONFIGFLAGS="--without-openssl --without-zlib --without-shadow" + TEST_TARGET="t-exec" + ;; + clang-sanitize-memory) + CFLAGS="-fsanitize=memory -fsanitize-memory-track-origins" + LDFLAGS="-fsanitize=memory" + CPPFLAGS='-Dchroot=chdir -Dexplicit_bzero=bzero -DMSAN_OPTIONS=\"log_path=/tmp/msan.log\"' + CONFIGFLAGS="--without-openssl --without-zlib --without-shadow" + TEST_TARGET="t-exec" + ;; + clang-sanitize-undefined) + CFLAGS="-fsanitize=undefined" + LDFLAGS="-fsanitize=undefined" + ;; + *) + echo unknown sanitize option; + exit 1;; + esac + # Find the newest available version of clang + for i in `seq 10 99`; do + clang=$(which clang-$i 2>/dev/null) + [ -x "$clang" ] && CC="$clang" + done + features="--disable-security-key --disable-pkcs11" + hardening="--without-sandbox --without-hardening --without-stackprotect" + privsep="--with-privsep-user=root" + CONFIGFLAGS="$CONFIGFLAGS $features $hardening $privsep" + # Because we hobble chroot we can't test it. + SKIP_LTESTS=sftp-chroot + ;; gcc-11-Werror) CC="gcc" # -Wnoformat-truncation in gcc 7.3.1 20180130 fails on fmt_scaled @@ -227,5 +270,5 @@ if [ -x "$(which plink 2>/dev/null)" ]; then export REGRESS_INTEROP_PUTTY fi -export CC CFLAGS LTESTS SUDO +export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL |