Summary: | sys-devel/clang adds FORTIFY_SOURCE in presence of -fsanitize=address | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Agostino Sarubbo <ago> |
Component: | Current packages | Assignee: | LLVM support project <llvm> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sam, toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2023-03-23 10:28:52 UTC
What version of sys-devel/clang-common? I see the same thing even when there's 0 fortifiable functions in there (just a simple return, no printf, etc). I suspect it's picking up fortified functions in libasan. ... also, there's no way that F_S can even do anything with -O0, and yet the tool thinks it's fortified, so I think this is just an issue in checksec. We could maybe see if we can build libasan w/o fortificaiton if it is that though. (In reply to Sam James from comment #1) > What version of sys-devel/clang-common? $ qlist -ICv | grep -E '(clang|llvm)' sys-devel/clang-15.0.7-r1 sys-devel/clang-common-15.0.7-r4 sys-devel/clang-runtime-15.0.7 sys-devel/clang-toolchain-symlinks-15-r2 sys-devel/llvm-15.0.7 sys-devel/llvm-common-15.0.7 sys-devel/llvm-toolchain-symlinks-15-r1 sys-devel/llvmgold-15 commit 162b52d8795d5eead77376c37c23d91001373258 Author: Sam James <sam@gentoo.org> Date: Mon Mar 13 21:46:59 2023 +0000 sys-devel/clang-common: don't default-enable _FORTIFY_SOURCE w/ ASAN and MSAN This can cause either false positives in warnings from the compiler or false negatives where the sanitizer misses something. Bug: https://github.com/google/sanitizers/issues/247 Signed-off-by: Sam James <sam@gentoo.org> (I don't think removing the fortification from LLVM's libraries is really in scope/a problem. Take it up with checksec if desired.) |