From 83529f07ca66ec288f1c506a673569b9d8de8368 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 19 Aug 2022 15:48:34 +0200 Subject: [PATCH] Always automatically add -DPEDANTIC with enable-ubsan To avoid reports like: #19028 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/19029) --- .github/workflows/ci.yml | 2 +- .github/workflows/fuzz-checker.yml | 4 ++-- .github/workflows/run-checker-merge.yml | 2 +- Configure | 4 +--- 4 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d6a4e0376a..843ed480cd1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -144,7 +144,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: config - run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml index 9e5627fd031..2347ebae41d 100644 --- a/.github/workflows/fuzz-checker.yml +++ b/.github/workflows/fuzz-checker.yml @@ -25,7 +25,7 @@ jobs: cc: afl-clang-fast }, { name: libFuzzer, - config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan, + config: enable-fuzz-libfuzzer enable-asan enable-ubsan, libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer, install: libfuzzer-12-dev, cc: clang-12, @@ -33,7 +33,7 @@ jobs: tests: -test_memleak }, { name: libFuzzer+, - config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, + config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer, extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg, install: libfuzzer-12-dev, diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml index dcc9d0d15f5..82f3b29b0e9 100644 --- a/.github/workflows/run-checker-merge.yml +++ b/.github/workflows/run-checker-merge.yml @@ -25,7 +25,7 @@ jobs: no-engine no-shared, no-err, no-filenames, - enable-ubsan no-asm -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, + enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment, no-unit-test, enable-weak-ssl-ciphers, enable-zlib, diff --git a/Configure b/Configure index 76f5d6299f6..b5ee68d54db 100755 --- a/Configure +++ b/Configure @@ -1509,9 +1509,7 @@ unless ($disabled{asan} || defined $detected_sanitizers{asan}) { } unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) { - # -DPEDANTIC or -fnosanitize=alignment may also be required on some - # platforms. - push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC"; } unless ($disabled{msan} || defined $detected_sanitizers{msan}) { -- 2.47.2