From 23945b8f43345f093b6499176f1bce5384f36762 Mon Sep 17 00:00:00 2001 From: pmq Date: Mon, 31 Jul 2023 10:00:48 -0700 Subject: [PATCH] Add sanitizers from zlib-ng Co-authored-by: Nathan Moinvaziri --- .github/workflows/build.yml | 21 +++++ CMakeLists.txt | 16 ++++ README.md | 59 +++++++------ cmake/detect-sanitizer.cmake | 166 +++++++++++++++++++++++++++++++++++ 4 files changed, 233 insertions(+), 29 deletions(-) create mode 100644 cmake/detect-sanitizer.cmake diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d293f15..ab5022a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -13,6 +13,27 @@ jobs: compiler: gcc cxx-compiler: g++ + - name: Ubuntu GCC ASAN + os: ubuntu-latest + compiler: gcc + cxx-compiler: g++ + cmake-args: -D MZ_SANITIZER=Address + codecov: ubuntu_gcc_asan + + - name: Ubuntu GCC UBSAN + os: ubuntu-latest + compiler: gcc + cxx-compiler: g++ + cmake-args: -D MZ_SANITIZER=Undefined + codecov: ubuntu_gcc_undefined + + - name: Ubuntu GCC MSAN + os: ubuntu-latest + compiler: gcc + cxx-compiler: g++ + cmake-args: -D MZ_SANITIZER=Memory + codecov: ubuntu_gcc_msan + # No code coverage on release builds - name: Ubuntu 20 Clang os: ubuntu-20.04 diff --git a/CMakeLists.txt b/CMakeLists.txt index a8619e2..9c4acf1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -29,6 +29,8 @@ include(CheckTypeSize) include(GNUInstallDirs) include(FeatureSummary) +include(cmake/detect-sanitizer.cmake) + list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_LIST_DIR}/cmake") message(STATUS "Using CMake version ${CMAKE_VERSION}") @@ -59,6 +61,9 @@ option(MZ_BUILD_TESTS "Builds minizip test executable" OFF) option(MZ_BUILD_UNIT_TESTS "Builds minizip unit test project" OFF) option(MZ_BUILD_FUZZ_TESTS "Builds minizip fuzzer executables" OFF) option(MZ_CODE_COVERAGE "Builds with code coverage flags" OFF) +# Multi-choice code sanitizer option +set(MZ_SANITIZER AUTO CACHE STRING "Enable sanitizer support") +set_property(CACHE MZ_SANITIZER PROPERTY STRINGS "Memory" "Address" "Undefined" "Thread") # Backwards compatibility if(DEFINED MZ_BUILD_TEST) @@ -624,6 +629,17 @@ if(MZ_COMPAT) list(APPEND MINIZIP_HDR mz_compat.h ${CMAKE_CURRENT_BINARY_DIR}/zip.h ${CMAKE_CURRENT_BINARY_DIR}/unzip.h) endif() +# Detect available sanitizers +if(MZ_SANITIZER STREQUAL "Address") + add_address_sanitizer() +elseif(MZ_SANITIZER STREQUAL "Memory") + add_memory_sanitizer() +elseif(MZ_SANITIZER STREQUAL "Thread") + add_thread_sanitizer() +elseif(MZ_SANITIZER STREQUAL "Undefined") + add_undefined_sanitizer() +endif() + # Set compiler options if(MZ_CODE_COVERAGE) if(NOT MSVC) diff --git a/README.md b/README.md index c05ca00..52d9280 100644 --- a/README.md +++ b/README.md @@ -11,12 +11,12 @@ Developed and maintained by Nathan Moinvaziri. ## Branches -|Name|Description| -|:-|:-| -|[master](https://github.com/zlib-ng/minizip-ng/tree/master)|Most recent release.| -|[develop](https://github.com/zlib-ng/minizip-ng/tree/develop)|Latest development code.| -|[1.2](https://github.com/zlib-ng/minizip-ng/tree/1.2)|Old changes to original minizip that includes WinZip AES encryption, disk splitting, I/O buffering and some additional fixes. Not ABI compatible with original minizip.| -|[1.1](https://github.com/zlib-ng/minizip-ng/tree/1.1)|Original minizip as of zlib 1.2.11.| +| Name | Description | +|:--------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [master](https://github.com/zlib-ng/minizip-ng/tree/master) | Most recent release. | +| [develop](https://github.com/zlib-ng/minizip-ng/tree/develop) | Latest development code. | +| [1.2](https://github.com/zlib-ng/minizip-ng/tree/1.2) | Old changes to original minizip that includes WinZip AES encryption, disk splitting, I/O buffering and some additional fixes. Not ABI compatible with original minizip. | +| [1.1](https://github.com/zlib-ng/minizip-ng/tree/1.1) | Original minizip as of zlib 1.2.11. | ## History @@ -64,29 +64,30 @@ cmake --build build ## Build Options -| Name | Description | Default Value | -|:--------------------|:----------------------------------------------------|:-------------:| -| MZ_COMPAT | Enables compatibility layer | ON | -| MZ_ZLIB | Enables ZLIB compression | ON | -| MZ_BZIP2 | Enables BZIP2 compression | ON | -| MZ_LZMA | Enables LZMA & XZ compression | ON | -| MZ_ZSTD | Enables ZSTD compression | ON | -| MZ_LIBCOMP | Enables Apple compression | APPLE | -| MZ_FETCH_LIBS | Enables fetching third-party libraries if not found | WIN32 | -| MZ_FORCE_FETCH_LIBS | Enables fetching third-party libraries always | OFF | -| MZ_PKCRYPT | Enables PKWARE traditional encryption | ON | -| MZ_WZAES | Enables WinZIP AES encryption | ON | -| MZ_OPENSSL | Enables OpenSSL encryption | UNIX | -| MZ_LIBBSD | Builds with libbsd crypto random | UNIX | -| MZ_ICONV | Enables iconv encoding conversion | ON | -| MZ_COMPRESS_ONLY | Only support compression | OFF | -| MZ_DECOMPRESS_ONLY | Only support decompression | OFF | -| MZ_FILE32_API | Builds using posix 32-bit file api | OFF | -| MZ_BUILD_TESTS | Builds minizip test executable | OFF | -| MZ_BUILD_UNIT_TESTS | Builds minizip unit test project | OFF | -| MZ_BUILD_FUZZ_TESTS | Builds minizip fuzz executables | OFF | -| MZ_CODE_COVERAGE | Build with code coverage flags | OFF | -| MZ_LIB_SUFFIX | Library name suffix for packaging | | +| Name | Description | Default Value | +|:--------------------|:---------------------------------------------------------------|:-------------:| +| MZ_COMPAT | Enables compatibility layer | ON | +| MZ_ZLIB | Enables ZLIB compression | ON | +| MZ_BZIP2 | Enables BZIP2 compression | ON | +| MZ_LZMA | Enables LZMA & XZ compression | ON | +| MZ_ZSTD | Enables ZSTD compression | ON | +| MZ_LIBCOMP | Enables Apple compression | APPLE | +| MZ_FETCH_LIBS | Enables fetching third-party libraries if not found | WIN32 | +| MZ_FORCE_FETCH_LIBS | Enables fetching third-party libraries always | OFF | +| MZ_PKCRYPT | Enables PKWARE traditional encryption | ON | +| MZ_WZAES | Enables WinZIP AES encryption | ON | +| MZ_OPENSSL | Enables OpenSSL encryption | UNIX | +| MZ_LIBBSD | Builds with libbsd crypto random | UNIX | +| MZ_ICONV | Enables iconv encoding conversion | ON | +| MZ_COMPRESS_ONLY | Only support compression | OFF | +| MZ_DECOMPRESS_ONLY | Only support decompression | OFF | +| MZ_FILE32_API | Builds using posix 32-bit file api | OFF | +| MZ_BUILD_TESTS | Builds minizip test executable | OFF | +| MZ_BUILD_UNIT_TESTS | Builds minizip unit test project | OFF | +| MZ_BUILD_FUZZ_TESTS | Builds minizip fuzz executables | OFF | +| MZ_CODE_COVERAGE | Build with code coverage flags | OFF | +| MZ_SANITIZER | Build with code sanitizer (Memory, Thread, Address, Undefined) | | +| MZ_LIB_SUFFIX | Library name suffix for packaging | | ## Third-Party Libraries diff --git a/cmake/detect-sanitizer.cmake b/cmake/detect-sanitizer.cmake new file mode 100644 index 0000000..ecb8b80 --- /dev/null +++ b/cmake/detect-sanitizer.cmake @@ -0,0 +1,166 @@ +# detect-sanitizer.cmake -- Detect supported compiler sanitizer flags +# Licensed under the Zlib license, see LICENSE.md for details + +macro(add_common_sanitizer_flags) + if(CMAKE_C_COMPILER_ID MATCHES "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang") + add_compile_options(-g3) + endif() + # check_c_compiler_flag(-fno-omit-frame-pointer HAVE_NO_OMIT_FRAME_POINTER) + # if(HAVE_NO_OMIT_FRAME_POINTER) + add_compile_options(-fno-omit-frame-pointer) + add_link_options(-fno-omit-frame-pointer) + # endif() + # check_c_compiler_flag(-fno-optimize-sibling-calls HAVE_NO_OPTIMIZE_SIBLING_CALLS) + # if(HAVE_NO_OPTIMIZE_SIBLING_CALLS) + add_compile_options(-fno-optimize-sibling-calls) + add_link_options(-fno-optimize-sibling-calls) + # endif() +endmacro() + +macro(check_sanitizer_support known_checks supported_checks) + set(available_checks "") + + # Build list of supported sanitizer flags by incrementally trying compilation with + # known sanitizer checks + + foreach(check ${known_checks}) + if(available_checks STREQUAL "") + set(compile_checks "${check}") + else() + set(compile_checks "${available_checks},${check}") + endif() + + set(CMAKE_REQUIRED_FLAGS -fsanitize=${compile_checks}) + + check_c_source_compiles("int main() { return 0; }" HAVE_SANITIZER_${check} + FAIL_REGEX "not supported|unrecognized command|unknown option") + + set(CMAKE_REQUIRED_FLAGS) + + if(HAVE_SANITIZER_${check}) + set(available_checks ${compile_checks}) + endif() + endforeach() + + set(${supported_checks} ${available_checks}) +endmacro() + +macro(add_address_sanitizer) + set(known_checks + address + pointer-compare + pointer-subtract + ) + + check_sanitizer_support("${known_checks}" supported_checks) + if(NOT ${supported_checks} STREQUAL "") + message(STATUS "Address sanitizer is enabled: ${supported_checks}") + add_compile_options(-fsanitize=${supported_checks}) + add_link_options(-fsanitize=${supported_checks}) + add_common_sanitizer_flags() + else() + message(STATUS "Address sanitizer is not supported") + endif() + + if(CMAKE_CROSSCOMPILING_EMULATOR) + # Only check for leak sanitizer if not cross-compiling due to qemu crash + message(WARNING "Leak sanitizer is not supported when cross compiling") + else() + # Leak sanitizer requires address sanitizer + check_sanitizer_support("leak" supported_checks) + if(NOT ${supported_checks} STREQUAL "") + message(STATUS "Leak sanitizer is enabled: ${supported_checks}") + add_compile_options(-fsanitize=${supported_checks}) + add_link_options(-fsanitize=${supported_checks}) + add_common_sanitizer_flags() + else() + message(STATUS "Leak sanitizer is not supported") + endif() + endif() +endmacro() + +macro(add_memory_sanitizer) + check_sanitizer_support("memory" supported_checks) + if(NOT ${supported_checks} STREQUAL "") + message(STATUS "Memory sanitizer is enabled: ${supported_checks}") + add_compile_options(-fsanitize=${supported_checks}) + add_link_options(-fsanitize=${supported_checks}) + add_common_sanitizer_flags() + + check_c_compiler_flag(-fsanitize-memory-track-origins HAVE_MEMORY_TRACK_ORIGINS) + if(HAVE_MEMORY_TRACK_ORIGINS) + add_compile_options(-fsanitize-memory-track-origins) + add_link_options(-fsanitize-memory-track-origins) + endif() + else() + message(STATUS "Memory sanitizer is not supported") + endif() +endmacro() + +macro(add_thread_sanitizer) + check_sanitizer_support("thread" supported_checks) + if(NOT ${supported_checks} STREQUAL "") + message(STATUS "Thread sanitizer is enabled: ${supported_checks}") + add_compile_options(-fsanitize=${supported_checks}) + add_link_options(-fsanitize=${supported_checks}) + add_common_sanitizer_flags() + else() + message(STATUS "Thread sanitizer is not supported") + endif() +endmacro() + +macro(add_undefined_sanitizer) + set(known_checks + array-bounds + bool + bounds + builtin + enum + float-cast-overflow + float-divide-by-zero + function + integer-divide-by-zero + local-bounds + null + nonnull-attribute + pointer-overflow + return + returns-nonnull-attribute + shift + shift-base + shift-exponent + signed-integer-overflow + undefined + unsigned-integer-overflow + unsigned-shift-base + vla-bound + vptr + ) + + # Only check for alignment sanitizer flag if unaligned access is not supported + if(NOT WITH_UNALIGNED) + list(APPEND known_checks alignment) + endif() + # Object size sanitizer has no effect at -O0 and produces compiler warning if enabled + if(NOT CMAKE_C_FLAGS MATCHES "-O0") + list(APPEND known_checks object-size) + endif() + + check_sanitizer_support("${known_checks}" supported_checks) + + if(NOT ${supported_checks} STREQUAL "") + message(STATUS "Undefined behavior sanitizer is enabled: ${supported_checks}") + add_compile_options(-fsanitize=${supported_checks}) + add_link_options(-fsanitize=${supported_checks}) + + # Group sanitizer flag -fsanitize=undefined will automatically add alignment, even if + # it is not in our sanitize flag list, so we need to explicitly disable alignment sanitizing. + if(WITH_UNALIGNED) + add_compile_options(-fno-sanitize=alignment) + endif() + + add_common_sanitizer_flags() + else() + message(STATUS "Undefined behavior sanitizer is not supported") + endif() +endmacro() \ No newline at end of file