Fuzzing: build with ASAN as well

Yubico · Nov 6, 2023 · 7f9849c · 7f9849c
1 parent 4485965
commit 7f9849c
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 1 deletion.
diff --git a/.github/workflows/build_and_fuzz.yml b/.github/workflows/build_and_fuzz.yml
@@ -26,3 +26,39 @@ jobs:
             -DENABLE_STATIC=ON    \
             -B build-msan
           cmake --build build-msan
+
+  fuzz_asan:
+    name: fuzz with AddressSanitizer
+    runs-on: ubuntu-latest
+    container: ubuntu:23.04
+
+    steps:
+
+      - name: install dependencies from package management
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt -q -y update
+          apt -q -y install                                                                 \
+            llvm-16 clang-16 lld-16                                                         \
+            build-essential cmake ninja-build pkg-config                                    \
+            libssl-dev libedit-dev libcurl4-openssl-dev libusb-1.0-0-dev libpcsclite-dev gengetopt
+
+      - name: clone the Yubico/yubihsm-shell repository
+        uses: actions/checkout@v3
+        with:
+          path: yubihsm-shell
+
+      - name: do build
+        env:
+          CC: clang-16
+          CXX: clang++-16
+        working-directory: yubihsm-shell
+        run: |
+          cmake                   \
+            -DFUZZING=ON          \
+            -DWITHOUT_MANPAGES=ON \
+            -DDISABLE_LTO=ON      \
+            -DENABLE_STATIC=ON    \
+            -B build-asan
+          cmake --build build-asan
diff --git a/cmake/SecurityFlags.cmake b/cmake/SecurityFlags.cmake
@@ -4,7 +4,6 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
     CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR
     CMAKE_C_COMPILER_ID STREQUAL "GNU")
 
-    add_compile_options (-Wall -Wextra -Werror)
     add_compile_options (-Wformat -Wformat-nonliteral -Wformat-security)
     add_compile_options (-Wshadow)
     add_compile_options (-Wcast-qual)
@@ -13,6 +12,7 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
     add_compile_options (-pedantic -pedantic-errors)
     add_compile_options (-fpie -fpic)
     if (NOT FUZZING)
+        add_compile_options (-Wall -Wextra -Werror)
         add_compile_options(-O2)
         add_definitions (-D_FORTIFY_SOURCE=2)
     endif ()