From 8a57c2ab521e4f52a28b9fb185aedf37635f425e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 15 Sep 2022 12:05:14 +0200 Subject: [PATCH] configure: Add an option to build with AddressSanitizer --- .lsan.suppressions | 7 ++++++ configure.ac | 24 ++++++++++++++++++- src/libcharon/plugins/vici/python/Makefile.am | 2 +- 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 .lsan.suppressions diff --git a/.lsan.suppressions b/.lsan.suppressions new file mode 100644 index 0000000000..be166e53b1 --- /dev/null +++ b/.lsan.suppressions @@ -0,0 +1,7 @@ +leak:EVP_CIPHER_fetch +leak:EVP_KEYEXCH_fetch +leak:EVP_KEYMGMT_fetch +leak:EVP_RAND_fetch +leak:OSSL_DECODER_do_all_provided +leak:OSSL_ENCODER_do_all_provided +leak:OSSL_PROVIDER_load diff --git a/configure.ac b/configure.ac index b152456ba0..dcb92da922 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ # -# Copyright (C) 2007-2017 Tobias Brunner +# Copyright (C) 2007-2022 Tobias Brunner # Copyright (C) 2006-2022 Andreas Steffen # Copyright (C) 2006-2014 Martin Willi # @@ -327,6 +327,7 @@ ARG_ENABL_SET([tss-trousers], [enable the use of the TrouSerS Trusted Software ARG_ENABL_SET([tss-tss2], [enable the use of the TSS 2.0 Trusted Software Stack]) # compile options +ARG_ENABL_SET([asan], [enable build with AddressSanitizer (ASan).]) ARG_ENABL_SET([coverage], [enable lcov coverage report generation.]) ARG_ENABL_SET([git-version], [use output of 'git describe' as version information in executables.]) ARG_ENABL_SET([leak-detective], [enable malloc hooks to find memory leaks.]) @@ -1378,6 +1379,27 @@ if test x$fuzzing = xtrue; then esac fi +if test x$asan = xtrue; then + # adding this here and not earlier or passed to the script avoids issues + # e.g. with libpthread (libasan provides stubs for its functions but no full + # implementation so configure does not detect that -lpthread is required + # when GCC is used, clang always adds -lpthread) + CFLAGS="$CFLAGS -fsanitize=address -fno-omit-frame-pointer" + # this is necessary so AddressSanitizer can resolve symbols e.g. for + # C++ exceptions that are used in libbotan + if test x$botan = xtrue; then + LDFLAGS="$LDFLAGS -lstdc++" + fi + if test x$openssl = xtrue; then + # we need to suppress some leaks with OpenSSL 3 as we don't deinitialze + # it properly + AC_SUBST(LSAN_OPTIONS, [suppressions=\${abs_top_srcdir}/.lsan.suppressions]) + # use this instead of AM_TESTS_ENVIRONMENT as we don't use the parallel + # test harness + AC_SUBST(TESTS_ENVIRONMENT, ['export LSAN_OPTIONS="$(LSAN_OPTIONS)";']) + fi +fi + if test x$ruby_gems = xtrue; then AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) if test x$GEM = x; then diff --git a/src/libcharon/plugins/vici/python/Makefile.am b/src/libcharon/plugins/vici/python/Makefile.am index a2e7596e48..aa036c96c9 100644 --- a/src/libcharon/plugins/vici/python/Makefile.am +++ b/src/libcharon/plugins/vici/python/Makefile.am @@ -40,7 +40,7 @@ install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg endif if USE_TOX - TESTS_ENVIRONMENT = export TOX=$(TOX); + TESTS_ENVIRONMENT += export TOX=$(TOX); AM_TESTS_FD_REDIRECT = 1>&2 TESTS = tox.sh endif -- 2.39.2