Skip to content

Commit

Permalink
Fixes #444 - Build the router container with production-like flags, s…
Browse files Browse the repository at this point in the history
…uch as the various flavors of `-fstack-protector` and with `-D_FORTIFY_SOURCE=2` (#445)
  • Loading branch information
jiridanek authored May 19, 2022
1 parent 7968e47 commit d25f73f
Showing 3 changed files with 12 additions and 2 deletions.
6 changes: 6 additions & 0 deletions .github/scripts/compile.sh
Original file line number Diff line number Diff line change
@@ -22,6 +22,7 @@
set -euxo pipefail

WORKING=$(pwd)
eval "$(rpmbuild --eval '%set_build_flags')"

#region libwebsockets
wget ${LWS_SOURCE_URL} -O libwebsockets.tar.gz
@@ -96,6 +97,11 @@ do_build () {
}

do_build "" OFF

# talking to annobin is not straightforward, https://bugzilla.redhat.com/show_bug.cgi?id=1536569
common_sanitizer_flags="-Wp,-U_FORTIFY_SOURCE -fplugin=annobin -fplugin-arg-annobin-no-active-checks"
export CFLAGS="${CFLAGS} ${common_sanitizer_flags}"
export CXXFLAGS="${CXXFLAGS} ${common_sanitizer_flags}"
do_build "_asan" asan
do_build "_tsan" tsan

1 change: 1 addition & 0 deletions Containerfile
Original file line number Diff line number Diff line change
@@ -20,6 +20,7 @@
FROM registry.access.redhat.com/ubi8/ubi-minimal:latest as builder

RUN microdnf -y --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install \
rpm-build \
gcc gcc-c++ make cmake \
cyrus-sasl-devel openssl-devel libuuid-devel \
python3-devel swig \
7 changes: 5 additions & 2 deletions cmake/RuntimeChecks.cmake
Original file line number Diff line number Diff line change
@@ -99,6 +99,9 @@ if(QD_DISABLE_MEMORY_POOL AND NOT RUNTIME_CHECK)
message(FATAL_ERROR "Do not set QD_DISABLE_MEMORY_POOL without enabling RUNTIME_CHECK at the same time")
endif()

# set -Wp,-U_FORTIFY_SOURCE to avoid bad interaction with fortify flags, https://developers.redhat.com/blog/2021/05/05/memory-error-checking-in-c-and-c-comparing-sanitizers-and-valgrind#fortifysource
set(common_sanitizer_flags "-g -fno-omit-frame-pointer -Wp,-U_FORTIFY_SOURCE")

if(RUNTIME_CHECK STREQUAL "memcheck")
assert_has_valgrind()
message(STATUS "Runtime memory checker: valgrind memcheck")
@@ -147,7 +150,7 @@ elseif(RUNTIME_CHECK STREQUAL "asan" OR RUNTIME_CHECK STREQUAL "hwasan")
add_custom_target(generate_lsan.supp ALL
DEPENDS ${CMAKE_BINARY_DIR}/tests/lsan.supp)
# force QD_MEMORY_DEBUG else lsan will catch alloc_pool suppressed leaks (ok to remove this once leaks are fixed)
set(SANITIZE_FLAGS "-g -fno-omit-frame-pointer -fsanitize=${ASAN_VARIANTS} -DQD_MEMORY_DEBUG=1")
set(SANITIZE_FLAGS "${common_sanitizer_flags} -fsanitize=${ASAN_VARIANTS} -DQD_MEMORY_DEBUG=1")
# `detect_leaks=1` is set by default where it is available; better not to set it conditionally ourselves
# https://github.com/openSUSE/systemd/blob/1270e56526cd5a3f485ae2aba975345c38860d37/docs/TESTING_WITH_SANITIZERS.md
# TODO(DISPATCH-2148) re-enable odr violation detection when Proton linking issue in test-sender is fixed
@@ -162,7 +165,7 @@ elseif(RUNTIME_CHECK STREQUAL "tsan")
message(FATAL_ERROR "libtsan not installed - thread sanitizer not available")
endif(TSAN_LIBRARY-NOTFOUND)
message(STATUS "Runtime race checker: gcc/clang thread sanitizer")
set(SANITIZE_FLAGS "-g -fno-omit-frame-pointer -fsanitize=thread")
set(SANITIZE_FLAGS "${common_sanitizer_flags} -fsanitize=thread")
set(RUNTIME_TSAN_ENV_OPTIONS "disable_coredump=0 history_size=4 second_deadlock_stack=1 suppressions=${CMAKE_SOURCE_DIR}/tests/tsan.supp")

elseif(RUNTIME_CHECK)

0 comments on commit d25f73f

Please sign in to comment.