summaryrefslogtreecommitdiffstats
path: root/m4/sanitizer.m4
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--m4/sanitizer.m463
1 files changed, 63 insertions, 0 deletions
diff --git a/m4/sanitizer.m4 b/m4/sanitizer.m4
new file mode 100644
index 0000000..57917a7
--- /dev/null
+++ b/m4/sanitizer.m4
@@ -0,0 +1,63 @@
+AC_DEFUN([SUDO_CHECK_SANITIZER], [
+ if test X"${enable_sanitizer}{enable_fuzzer}" != X"nono"; then
+ dnl
+ dnl For fuzz_policy we redefine getaddrinfo() and freeaddrinfo(), but
+ dnl this can cause problems with ld.lld when sanitizers are enabled.
+ dnl
+ AX_CHECK_LINK_FLAG([-Wl,--allow-multiple-definition], [AX_APPEND_FLAG([-Wl,--allow-multiple-definition], [ASAN_LDFLAGS])])
+ fi
+
+ dnl
+ dnl Check for -fsanitize support
+ dnl This test relies on AC_LANG_WERROR
+ dnl
+ if test X"$enable_sanitizer" != X"no"; then
+ AX_CHECK_COMPILE_FLAG([$enable_sanitizer], [
+ AX_APPEND_FLAG([$enable_sanitizer], [ASAN_CFLAGS])
+ AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS])
+ AX_APPEND_FLAG([$enable_sanitizer], [ASAN_LDFLAGS])
+ AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [
+ AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS])
+ ])
+ AC_DEFINE(NO_LEAKS)
+ dnl
+ dnl Check for libasan.so to preload it before sudo_intercept.so.
+ dnl gcc links asan dynamically, clang links it statically.
+ dnl
+ case `$CC --version 2>&1` in
+ *gcc*)
+ libasan=`$CC -print-file-name=libasan.so 2>/dev/null`
+ if test -n "$libasan" -a X"$libasan" != X"libasan.so"; then
+ # libasan.so may be a linker script
+ libasan="`awk 'BEGIN {lib=ARGV[[1]]} /^INPUT/ {lib=$[3]} END {print lib}' \"$libasan\"`"
+ SUDO_DEFINE_UNQUOTED(_PATH_ASAN_LIB, "$libasan", [Path to the libasan.so shared library])
+ fi
+ ;;
+ esac
+ ], [
+ AC_MSG_ERROR([$CC does not support the $enable_sanitizer flag])
+ ])
+ fi
+
+ if test X"$enable_fuzzer" = X"yes"; then
+ AX_CHECK_COMPILE_FLAG([-fsanitize=fuzzer-no-link], [
+ AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_CFLAGS])
+ AX_APPEND_FLAG([-XCClinker], [ASAN_LDFLAGS])
+ AX_APPEND_FLAG([-fsanitize=fuzzer-no-link], [ASAN_LDFLAGS])
+ if test -z "$FUZZ_ENGINE"; then
+ FUZZ_ENGINE="-fsanitize=fuzzer"
+ fi
+ AX_CHECK_COMPILE_FLAG([-fno-omit-frame-pointer], [
+ AX_APPEND_FLAG([-fno-omit-frame-pointer], [CFLAGS])
+ ])
+ # Use CFLAGS, not CPPFLAGS to match oss-fuzz behavior
+ AX_APPEND_FLAG([-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], [CFLAGS])
+ AC_DEFINE(NO_LEAKS)
+ ], [
+ AC_MSG_ERROR([$CC does not support the -fsanitize=fuzzer-no-link flag])
+ ])
+ else
+ # Not using compiler fuzzing support, link with stub library.
+ FUZZ_ENGINE='$(top_builddir)/lib/fuzzstub/libsudo_fuzzstub.la'
+ fi
+])