[gnutls-devel] GnuTLS | New CI runner with clang ubsan+asan (!1151)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jan 27 12:50:06 CET 2020

Tim Rühsen commented on a discussion on .gitlab-ci.yml: https://gitlab.com/gnutls/gnutls/merge_requests/1151#note_277295816

> +  - ./bootstrap
> +  - export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1:suppressions=$(pwd)/devel/ubsan.supp
> +  - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp
> +  - export ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer
> +  - export CC=clang
> +  - export CXX=clang++
> +
> +# This makes several tests fail, needs discussion if helpful
> +#  - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=undefined,integer,nullability,bool,alignment,null,enum,address,leak,nonnull-attribute  -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> +# This is from OSS-Fuzz (20.12.2019)
> +  - export CFLAGS="-std=c99 -O1 -g -Werror -fno-omit-frame-pointer -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr,address,leak,alignment -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow -fsanitize-address-use-after-scope"
> +
> +  - export CXXFLAGS="$CFLAGS"
> +
> +# --disable-tls13-interop because tests/suite/testcompat-tls13-openssl.sh fails with clang sanitizers 
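
Review bot: `export CXXFLAGS="$CFLAGS"` carries `-std=c99` over into the C++ flags, and clang++ rejects a C language standard for C++ input, so set CXXFLAGS separately without `-std=c99`. The commented-out CFLAGS variant marked "needs discussion if helpful" is better kept in the merge request discussion than in `.gitlab-ci.yml`. The `--disable-tls13-interop` comment should also reference a tracking issue, so the workaround is dropped once `tests/suite/testcompat-tls13-openssl.sh` passes under the sanitizers.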

I accidentally had `--disable-tls13-interop` in my ASAN tests, that's why they succeeded.

`testcompat-tls13-openssl.sh` fails even with the most basic address sanitize options. Tested with clang-8, clang-9 and clang-10. The sanitizer itself doesn't trigger. So there must be some subtleties going on - not sure why OSS-Fuzz with its many projects doesn't stumble upon it somewhere.

```
CFLAGS="-fsanitize=address" CC=clang ./configure --disable-guile --disable-doc --disable-hardware-acceleration
make clean
make -j$(nproc)
make check -j$(nproc) -C tests TESTS="setcredcrash"
make check -j$(nproc) -C tests/suite TESTS=testcompat-tls13-openssl.sh
```

The setcredcrash line just builds everything in `tests/`, else `testcompat-tls13-openssl.sh` will SKIP. Like a dependency issue in `tests/suite/Makefile.am`.

Either we leave the ASAN runner away or we use `--disable-tls13-interop` until we have tracked down the real issue.
