ci: Use address sanitizer in CI.

[no changelog]
2 years ago · 56126b75a7
parent 4a71d15b1d
commit 56126b75a7
6 changed files with 25 additions and 13 deletions
--- a/ci/build.yml
+++ b/ci/build.yml
@ -217,6 +217,8 @@ crypto build:
  stage: build
  <<: *gitlab_caching
  needs: []
+  variables:
+    ADDRESS_SANITIZER: "1"
  only:
    changes:
      - .gitlab-ci.yml
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -1,11 +1,9 @@
 ifeq ($(FUZZER),1)
 CC       ?= clang
 LD       ?= $(CC)
-
 SANFLAGS += -fsanitize=fuzzer
-
-CFLAGS   += $(SANFLAGS)
-LDFLAGS  += $(SANFLAGS)
+else ifeq ($(ADDRESS_SANITIZER),1)
+SANFLAGS += -fsanitize=address
 endif

 CC       ?= gcc
@ -13,6 +11,7 @@ CC       ?= gcc
 OPTFLAGS ?= -O3 -g

 CFLAGS   += $(OPTFLAGS) \
+            $(SANFLAGS) \
            -std=gnu99 \
            -W \
            -Wall \
@ -118,18 +117,18 @@ all: tools tests
 tests: tests/test_check tests/test_openssl tests/test_speed tests/libtrezor-crypto.so tests/aestst

 tests/aestst: aes/aestst.o aes/aescrypt.o aes/aeskey.o aes/aestab.o
-	$(CC) $^ -o $@
+	$(CC) $(CFLAGS) $^ -o $@

 tests/test_check.o: tests/test_check_cardano.h tests/test_check_monero.h tests/test_check_cashaddr.h tests/test_check_segwit.h

 tests/test_check: tests/test_check.o $(OBJS)
-	$(CC) tests/test_check.o $(OBJS) $(TESTLIBS) -o tests/test_check
+	$(CC) $(CFLAGS) tests/test_check.o $(OBJS) $(TESTLIBS) -o tests/test_check

 tests/test_speed: tests/test_speed.o $(OBJS)
-	$(CC) tests/test_speed.o $(OBJS) -o tests/test_speed
+	$(CC) $(CFLAGS) tests/test_speed.o $(OBJS) -o tests/test_speed

 tests/test_openssl: tests/test_openssl.o $(OBJS)
-	$(CC) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl
+	$(CC) $(CFLAGS) tests/test_openssl.o $(OBJS) $(TESTSSLLIBS) -o tests/test_openssl

 tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o
 	$(CC) $(CFLAGS) -DAES_128 -DAES_192 -fPIC -shared $(SRCS) secp256k1-zkp.o -o tests/libtrezor-crypto.so
@ -137,13 +136,13 @@ tests/libtrezor-crypto.so: $(SRCS) secp256k1-zkp.o
 tools: tools/xpubaddrgen tools/mktable tools/bip39bruteforce

 tools/xpubaddrgen: tools/xpubaddrgen.o $(OBJS)
-	$(CC) tools/xpubaddrgen.o $(OBJS) -o tools/xpubaddrgen
+	$(CC) $(CFLAGS) tools/xpubaddrgen.o $(OBJS) -o tools/xpubaddrgen

 tools/mktable: tools/mktable.o $(OBJS)
-	$(CC) tools/mktable.o $(OBJS) -o tools/mktable
+	$(CC) $(CFLAGS) tools/mktable.o $(OBJS) -o tools/mktable

 tools/bip39bruteforce: tools/bip39bruteforce.o $(OBJS)
-	$(CC) tools/bip39bruteforce.o $(OBJS) -o tools/bip39bruteforce
+	$(CC) $(CFLAGS) tools/bip39bruteforce.o $(OBJS) -o tools/bip39bruteforce

 fuzzer: fuzzer/fuzzer.o $(OBJS)
 	$(CC) $(CFLAGS) fuzzer/fuzzer.o $(OBJS) -o fuzzer/fuzzer
--- a/docs/tests/device-tests.md
+++ b/docs/tests/device-tests.md
@ -85,7 +85,7 @@ make build_unix_debug
 ```

 The final executable is significantly slower due to ASAN(Address Sanitizer) integration.
-If you wan't to catch some memory errors use this.
+If you want to catch some memory errors use this.

 ```sh
 time ASAN_OPTIONS=verbosity=1:detect_invalid_pointer_pairs=1:strict_init_order=true:strict_string_checks=true TREZOR_PROFILE="" poetry run make test_emu
--- a/legacy/Makefile.include
+++ b/legacy/Makefile.include
@ -21,6 +21,9 @@ OPTFLAGS ?= -O3
 DBGFLAGS ?= -g3 -ggdb3
 CPUFLAGS ?=
 FPUFLAGS ?=
+ifeq ($(ADDRESS_SANITIZER),1)
+SANFLAGS += -fsanitize=address
+endif
 else
 PREFIX   ?= arm-none-eabi-
 CC       := $(PREFIX)gcc
@ -42,6 +45,7 @@ endif

 CFLAGS   += $(OPTFLAGS) \
            $(DBGFLAGS) \
+            $(SANFLAGS) \
            -std=gnu11 \
            -W \
            -Wall \
@ -81,6 +85,7 @@ CFLAGS   += $(OPTFLAGS) \

 LDFLAGS  += -L$(TOP_DIR) \
            $(DBGFLAGS) \
+            $(SANFLAGS) \
            $(CPUFLAGS) \
            $(FPUFLAGS)

--- a/storage/tests/Makefile
+++ b/storage/tests/Makefile
@ -1,9 +1,15 @@
 .PHONY: tests

+export ASAN_OPTIONS=verify_asan_link_order=0
+
 build:
 	$(MAKE) -C c
 	$(MAKE) -C c0

+clean:
+	$(MAKE) -C c clean
+	$(MAKE) -C c0 clean
+
 ## tests commands:
 tests:
 	pytest --junitxml=../../tests/junit.xml -k "not hypothesis"
--- a/storage/tests/c/Makefile
+++ b/storage/tests/c/Makefile
@ -1,5 +1,5 @@
 CC = gcc
-CFLAGS = -Wall -Wshadow -Wextra -Wpedantic -Werror -Wno-missing-braces -fPIC
+CFLAGS = -Wall -Wshadow -Wextra -Wpedantic -Werror -Wno-missing-braces -fPIC -fsanitize=address
 LIBS =
 INC = -I ../../../crypto -I ../.. -I .
 BASE = ../../../