Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / d9551db089e01d08db4198d7cef4aaecc878b9ea^! / .
commitd9551db089e01d08db4198d7cef4aaecc878b9ea[log] [tgz]
authorGeorge Burgess IV <gbiv@google.com>Thu Aug 17 18:51:02 2017 -0700
committerGeorge Burgess IV <gbiv@google.com>Fri Aug 18 13:33:45 2017 -0700
treea8cdee1eb37db3533366f8bff3bfffe010e0a9df
parentcf3b0c183d9a6910db6384e6f8095c414041ea0c [diff]
Disable FORTIFY on ASAN builds

FORTIFY's *_chk functions mess with ASAN's library function
interceptors, which can apparently result in false-positives.

Since adding even more complexity to every run-time check condition in
FORTIFY doesn't seem like a great idea, and the majority of our builds
will still use FORTIFY anyway, turning FORTIFY off here seems
reasonable.

Bug: 63104159
Test: checkbuild on internal master + CtsBionicTestCases. No new
failures.

Change-Id: Id32e551e28ee70a9815ad140c3253b86f03de63f

diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index 71d8426..58eebc5 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h

@@ -239,9 +239,18 @@
 
 #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
 
-#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
-      (defined(__clang__) || (defined(__OPTIMIZE__) && __OPTIMIZE__ > 0))
-#  define __BIONIC_FORTIFY 1
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#  if defined(__clang__)
+/* FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors. */
+#    if !__has_feature(address_sanitizer)
+#      define __BIONIC_FORTIFY 1
+#    endif
+#  elif defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
+#    define __BIONIC_FORTIFY 1
+#  endif
+#endif
+
+#if defined(__BIONIC_FORTIFY)
 #  if _FORTIFY_SOURCE == 2
 #    define __bos_level 1
 #  else

diff --git a/tests/Android.bp b/tests/Android.bp
index 084d393..ea3f39f 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp

@@ -192,6 +192,26 @@
     },
 }
 
+// If building this fails, then we have both FORTIFY and ASAN enabled, which
+// isn't desirable. (Ideally, we'd emit FORTIFY diagnostics even with ASAN
+// enabled, but that's not a reality today.) This is meant to be otherwise
+// unused.
+cc_test_library {
+    name: "fortify_disabled_for_asan",
+    cflags: [
+        "-Werror",
+        "-D_FORTIFY_SOURCE=2",
+        // "sanitize: address" doesn't work on platforms where libasan isn't
+        // enabled. Since the intent is just to build this, we can get away with
+        // passing this flag on its own.
+        "-fsanitize=address",
+    ],
+    // Ignore that we don't have ASAN symbols linked in.
+    allow_undefined_symbols: true,
+    srcs: ["fortify_compilation_test.cpp"],
+    clang: true,
+}
+
 cc_test_library {
     name: "libfortify1-tests-clang",
     defaults: ["bionic_fortify_tests_defaults", "bionic_tests_defaults"],