Skip to content

osx: _FORTIFY_SOURCE=1 is always enabled, which breaks asan #6932

Closed
Closed
osx: _FORTIFY_SOURCE=1 is always enabled, which breaks asan#6932
Labels
P3We're not considering working on this, but happy to review a PR. (No assignee)team-Rules-CPPIssues for C++ rulesz-team-AppleDeprecated. Send to rules_apple, or label team-Rules-CPP + platform:apple
@steeve

Description

@steeve
steeve
opened on Dec 14, 2018

Description of the problem / feature request:

-D_FORTIFY_SOURCE=1 is enabled by default on OSX. This break when trying to use asan.

$ xcrun --sdk macosx clang -dM -E -fsanitize=address - < /dev/null | grep FORTIFY
#define _FORTIFY_SOURCE 0
$

When running a build with -fsanitize=address, the build outputs warnings with:

<command line>:1:9: warning: '_FORTIFY_SOURCE' macro redefined [-Wmacro-redefined]
#define _FORTIFY_SOURCE 1
        ^
<built-in>:386:9: note: previous definition is here
#define _FORTIFY_SOURCE 0

However, according to https://github.com/google/sanitizers/wiki/AddressSanitizer, _FORTIFY_SOURCE should be disabled when using asan.

A3: If _FORTIFY_SOURCE is enabled, ASan may have false positives, see next question.

Q: I've compiled my code with -D_FORTIFY_SOURCE flag and ASan, or -D_FORTIFY_SOURCE is enabled by default in my distribution (most modern distributions). Now ASan misbehaves (either produces false warnings, or does not find some bugs).

A: Currently ASan (and other sanitizers) doesn't support source fortification, see google/sanitizers#247. The fix should most likely be on the glibc side, see the (stalled) discussion here.

However, adding the following options doesn't help either since it's defined in the CROSSTOOL it seems:

build:asan --copt="-U_FORTIFY_SOURCE"

Feature requests: what underlying problem are you trying to solve with this feature?

Use asan on osx.

Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.

Run a C++ build with the following arg:

--copt="-fsanitize=address"

What operating system are you running Bazel on?

osx

What's the output of bazel info release?

release 0.19.0

Have you found anything relevant by searching the web?

  1. https://github.com/znly/bazel/blob/master/tools/osx/crosstool/CROSSTOOL.tpl#L64 and throughout the file.
  2. Support source fortification google/sanitizers#247

I can submit a PR if everybody approves me of removing it by default.

I'm also noticing it is enabled by default on linux.

We managed to get around using the following configuration:

build:asan              --strip=never
build:asan              --copt="-Wno-macro-redefined"
build:asan              --copt="-D_FORTIFY_SOURCE=0"
build:asan              --copt="-O1"
build:asan              --copt="-fno-omit-frame-pointer"
build:asan              --copt="-fsanitize=address"
build:asan              --copt="-DADDRESS_SANITIZER"
build:asan              --linkopt="-fsanitize=address"

Metadata

Metadata

Assignees

No one assigned

    Labels

    P3We're not considering working on this, but happy to review a PR. (No assignee)team-Rules-CPPIssues for C++ rulesz-team-AppleDeprecated. Send to rules_apple, or label team-Rules-CPP + platform:apple

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions