diff options
-rw-r--r-- | .gitlab-ci.yml | 35 | ||||
-rw-r--r-- | fuzz/Makefile.am | 2 |
2 files changed, 36 insertions, 1 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 946c085c70..c22fc28961 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -235,6 +235,41 @@ UB+ASAN-Werror.Fedora.x86_64.gcc: except: - tags +# Same as UB+ASAN-Werror.Fedora.x86_64.gcc, except -DAGGRESSIVE_REALLOC is set +UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc: + extends: + - .test + - .fedora + needs: + - fedora/bootstrap + script: + - export UBSAN_OPTIONS=print_stacktrace=1 + - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp + - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope -DAGGRESSIVE_REALLOC" + - export CXXFLAGS="$CFLAGS" + - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration + - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile + - make -j$BUILDJOBS + # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O) + - make -j$BUILDJOBS check -C fuzz + - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1 + - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2 + - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4 + - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8 + - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20 + - make -j$CHECKJOBS check -C tests + - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM + - make clean + - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile + - make -j$BUILDJOBS + # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests + - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=. + tags: + - shared + - linux + except: + - tags + ############################################################################## ########################### Fedora pipelines ################################# ############################################################################## diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am index 31690a1295..34a8919994 100644 --- a/fuzz/Makefile.am +++ b/fuzz/Makefile.am @@ -95,7 +95,7 @@ oss-fuzz: $$CC $$CFLAGS -I$(top_srcdir)/lib/includes/ -I$(top_srcdir) \ -c "$${fuzzer}.c" -o "$${fuzzer}.o" ; \ $$CXX $$CXXFLAGS "$${fuzzer}.o" -o "$${fuzzer}" \ - ../lib/.libs/libgnutls.a $${LIB_FUZZING_ENGINE} \ + $$LDFLAGS ../lib/.libs/libgnutls.a $${LIB_FUZZING_ENGINE} \ -Wl,-z,muldefs \ -Wl,-Bstatic \ $${XLIBS} \ |