[infra] Add pointer-overflow to UBSAN flags

[jonathanmetzman]

I noticed this #659 and figured we might as well.
I haven't tested it yet though, probably necessary to do this first with at least a few projects right?

[inferno-chromium]

@mbarbella-chromium would remember this. we had some false positives from skia before, so unsure on value of this.

[jonathanmetzman]

Closing since it seems like this won't be useful.

[evverx]

If my understanding is correct, it was turned off because it triggered false positives in skia. Were those false positives real false positives that should be fixed on the clang side or were they real bugs that weren't considered real bugs by the skia project? If the former shouldn't "pointer-overflow" be excluded from the default set of checks used when sanitize=undefined is used?

[evverx]

FWIW yesterday I took a look at the zstd fuzzing infrastructure and there pointer-overflow is explicitly turned off unless --enable-ubsan-pointer-overflow is passed to the script: https://github.com/facebook/zstd/blob/c047fcf7bf9ad1553d581a49e3965c5b37f126fc/tests/fuzz/fuzz.py#L187. I'm not sure how many other projects do anything similar and why exactly they do it but if it's a common pattern, it seems to me pointer-overflow probably shouldn't be a default check.

[mbarbella-chromium]

The skia issues we mentioned were true pointer overflows, but they weren't likely to lead to actual security issues (or other functional problems, though they were true UB). I was very surprised when I enabled this for chrome how noisy the check was, though most of the issues it reports are at least bad patterns. We ended up disabling it since the bugs weren't too high a priority and they were annoying developers, though as I'm looking back on some of the bugs it reported I think it might be worth revisiting at some point.