[gnutls-devel] GnuTLS | UB+ASAN: Fail tests if UB detected (!1136)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 2 12:01:50 CET 2020




Nikos Mavrogiannopoulos commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266435021

> +  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration
> +  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
>    - make -j$(nproc)
> -  - make check -j$(nproc)
> -  - CFLAGS="-std=c99 -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2" CXXFLAGS=$CFLAGS LDFLAGS="-static-libubsan" dash ./configure
> -   --cache-file cache/config.cache --disable-non-suiteb-curves --disable-guile --disable-doc --disable-full-test-suite --with-default-trust-store-pkcs11="pkcs11:"
> +  - sed -i 's/-Werror//g' fuzz/Makefile tests/Makefile tests/slow/Makefile
> +  - make check -j$(nproc) -C fuzz
> +  - make check -j$(nproc) -C tests
> +  - dash ./configure --cache-file cache/config.cache --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:"
>    - make clean
> +  - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile
>    - make -j$(nproc)
> -  - make -C tests check -j$(nproc) TESTS="trust-store p11-kit-load.sh" SUBDIRS=.
> +  - sed -i 's/-Werror//g' fuzz/Makefile tests/Makefile tests/slow/Makefile
> +  - make check -j$(nproc) -C fuzz

The second step tests whether the pkcs11 trust store works. That is not fuzzed, and I believe there is little sense in doing so.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1136#note_266435021
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200102/6d7cd341/attachment.html>


More information about the Gnutls-devel mailing list