CMake: Sanitizers must be enabled for all code, not just ours

couchbase · Sep 16, 2024 · 7448498 · 7448498
1 parent e49cc56
commit 7448498
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 21 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -159,9 +159,6 @@ set(SQLITE3_INCLUDE_DIR ${CMAKE_CURRENT_LIST_DIR}/vendor/SQLiteCpp/sqlite3) # Fo
 if (LITECORE_WARNINGS_HARDCORE)
     set(FLEECE_WARNINGS_HARDCORE ON CACHE INTERNAL "")
 endif ()
-if (LITECORE_SANITIZE)
-    set(FLEECE_SANITIZE ON CACHE INTERNAL "")
-endif ()
 
 add_subdirectory(vendor/fleece              EXCLUDE_FROM_ALL)
 add_subdirectory(vendor/sqlite3-unicodesn   EXCLUDE_FROM_ALL)

diff --git a/cmake/platform_unix.cmake b/cmake/platform_unix.cmake
@@ -52,31 +52,24 @@ function(setup_litecore_build_unix)
 
 
     if (LITECORE_SANITIZE AND NOT CODE_COVERAGE_ENABLED AND (CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU"))
-        set(LITECORE_COMPILE_OPTIONS
-            -fstack-protector
-            -fsanitize=address
-            -fsanitize-address-use-after-scope
-            -fsanitize=undefined
-            -fno-sanitize-recover=all   # Always exit after UBSan warning
-            # Note: _FORTIFY_SOURCE is incompatible with ASan; defining it will cause build errors
-        )
+        set(LITECORE_SAN_FLAGS "-fstack-protector -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=undefined -fno-sanitize-recover=all")
+        # "-fno-sanitize-recover=all" : Always exit after UBSan warning
+        # Note: _FORTIFY_SOURCE is incompatible with ASan; defining it will cause build errors
         if (CMAKE_CXX_COMPILER_ID MATCHES "Clang")
-            set(LITECORE_COMPILE_OPTIONS
-                ${LITECORE_COMPILE_OPTIONS}
-                -fsanitize=nullability
-                -fsanitize-address-use-after-return=always
-            )
+            set(LITECORE_SAN_FLAGS "${LITECORE_SAN_FLAGS} -fsanitize=nullability -fsanitize-address-use-after-return=always")
         endif ()
+        # Enable sanitizers for ALL targets. It's especially important to set them for all C++
+        # targets, because otherwise the container overflow check can produce false positives:
+        # https://github.com/google/sanitizers/wiki/AddressSanitizerContainerOverflow#false-positives
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${LITECORE_SAN_FLAGS}" CACHE INTERNAL "")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${LITECORE_SAN_FLAGS}" CACHE INTERNAL "")
+
+        # The linker also needs to be told, so it can link the appropriate sanitizer runtime libs:
         foreach(target LiteCore CppTests C4Tests)
             target_link_options(${target} PRIVATE
                 -fsanitize=address
                 -fsanitize=undefined
             )
-#            if (CMAKE_CXX_COMPILER_ID MATCHES "GNU")
-#                target_link_options(${target} PRIVATE
-#                    -static-libasan
-#                )
-#            endif ()
         endforeach ()
     else()
         set(LITECORE_COMPILE_OPTIONS