Limit integer wrap-around mitigation to only the "size_t" type (for
now). Notably this covers all special functions/builtins that return
"size_t", like sizeof(). This remains an experimental feature and is
likely to be replaced with type annotations.
Reviewed-by: Justin Stitt <justinstitt@google.com>
Link: https://lore.kernel.org/r/20250307041914.937329-3-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
depends on $(cc-option,-fsanitize=unsigned-integer-overflow)
depends on $(cc-option,-fsanitize=implicit-signed-integer-truncation)
depends on $(cc-option,-fsanitize=implicit-unsigned-integer-truncation)
+ depends on $(cc-option,-fsanitize-ignorelist=/dev/null)
help
This option enables all of the sanitizers involved in integer overflow
(wrap-around) mitigation: signed-integer-overflow, unsigned-integer-overflow,
-fsanitize=signed-integer-overflow \
-fsanitize=unsigned-integer-overflow \
-fsanitize=implicit-signed-integer-truncation \
- -fsanitize=implicit-unsigned-integer-truncation
+ -fsanitize=implicit-unsigned-integer-truncation \
+ -fsanitize-ignorelist=$(srctree)/scripts/integer-wrap-ignore.scl
export CFLAGS_UBSAN_INTEGER_WRAP := $(ubsan-integer-wrap-cflags-y)
--- /dev/null
+[{unsigned-integer-overflow,signed-integer-overflow,implicit-signed-integer-truncation,implicit-unsigned-integer-truncation}]
+type:*
+type:size_t=sanitize
projects / thirdparty / kernel / linux.git / commitdiff
