From 7f9849cbb4bd2fb3c545066d52a29a668f1677eb Mon Sep 17 00:00:00 2001 From: Alexandru Geana Date: Mon, 6 Nov 2023 16:34:00 +0100 Subject: [PATCH] Fuzzing: build with ASAN as well --- .github/workflows/build_and_fuzz.yml | 36 ++++++++++++++++++++++++++++ cmake/SecurityFlags.cmake | 2 +- 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_and_fuzz.yml b/.github/workflows/build_and_fuzz.yml index 2adf58d63..d8e44aa89 100644 --- a/.github/workflows/build_and_fuzz.yml +++ b/.github/workflows/build_and_fuzz.yml @@ -26,3 +26,39 @@ jobs: -DENABLE_STATIC=ON \ -B build-msan cmake --build build-msan + + fuzz_asan: + name: fuzz with AddressSanitizer + runs-on: ubuntu-latest + container: ubuntu:23.04 + + steps: + + - name: install dependencies from package management + env: + DEBIAN_FRONTEND: noninteractive + run: | + apt -q -y update + apt -q -y install \ + llvm-16 clang-16 lld-16 \ + build-essential cmake ninja-build pkg-config \ + libssl-dev libedit-dev libcurl4-openssl-dev libusb-1.0-0-dev libpcsclite-dev gengetopt + + - name: clone the Yubico/yubihsm-shell repository + uses: actions/checkout@v3 + with: + path: yubihsm-shell + + - name: do build + env: + CC: clang-16 + CXX: clang++-16 + working-directory: yubihsm-shell + run: | + cmake \ + -DFUZZING=ON \ + -DWITHOUT_MANPAGES=ON \ + -DDISABLE_LTO=ON \ + -DENABLE_STATIC=ON \ + -B build-asan + cmake --build build-asan diff --git a/cmake/SecurityFlags.cmake b/cmake/SecurityFlags.cmake index 04c354216..a4fa87134 100644 --- a/cmake/SecurityFlags.cmake +++ b/cmake/SecurityFlags.cmake @@ -4,7 +4,6 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR CMAKE_C_COMPILER_ID STREQUAL "GNU") - add_compile_options (-Wall -Wextra -Werror) add_compile_options (-Wformat -Wformat-nonliteral -Wformat-security) add_compile_options (-Wshadow) add_compile_options (-Wcast-qual) @@ -13,6 +12,7 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR add_compile_options (-pedantic -pedantic-errors) add_compile_options (-fpie -fpic) if (NOT FUZZING) + add_compile_options (-Wall -Wextra -Werror) add_compile_options(-O2) add_definitions (-D_FORTIFY_SOURCE=2) endif ()