[compiler-rt][UBSan] silence_unsigned_overflow: do *NOT* ignore *fata…

…l* unsigned overflows Summary: D48660 / rL335762 added a `silence_unsigned_overflow` env flag for [[ google/oss-fuzz#1717 | oss-fuzz needs ]], that allows to silence the reports from unsigned overflows. It makes sense, it is there because `-fsanitize=integer` sanitizer is not enabled on oss-fuzz, so this allows to still use it as an interestingness signal, without getting the actual reports. However there is a slight problem here. All types of unsigned overflows are ignored. Even if `-fno-sanitize-recover=unsigned` was used (which means the program will die after the report) there will still be no report, the program will just silently die. At the moment there are just two projects on oss-fuzz that care: * [[ https://github.com/google/oss-fuzz/blob/8eeffa627f937040aaf8ba1b7d93f43f77d74fb9/projects/llvm_libcxx/build.sh#L18-L20 | libc++ ]] * [[ https://github.com/google/oss-fuzz/blob/8eeffa627f937040aaf8ba1b7d93f43f77d74fb9/projects/librawspeed/build.sh | RawSpeed ]] (me) I suppose this could be overridden there ^, but i really don't think this is intended behavior in any case.. Reviewers: kcc, Dor1s, #sanitizers, filcab, vsk, kubamracek Reviewed By: Dor1s Subscribers: dberris, mclow.lists, llvm-commits Tags: #sanitizers Differential Revision: https://reviews.llvm.org/D54771 llvm-svn: 347415
llvm · Nov 21, 2018 · 1d0c7f5 · 1d0c7f5
1 parent a70fdf8
commit 1d0c7f5
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 4 deletions.
diff --git a/compiler-rt/lib/ubsan/ubsan_flags.inc b/compiler-rt/lib/ubsan/ubsan_flags.inc
@@ -25,5 +25,5 @@ UBSAN_FLAG(const char *, suppressions, "", "Suppressions file name.")
 UBSAN_FLAG(bool, report_error_type, false,
         "Print specific error type instead of 'undefined-behavior' in summary.")
 UBSAN_FLAG(bool, silence_unsigned_overflow, false,
-	"Do not print error reports for unsigned integer overflow. "
-	"Used to provide fuzzing signal without blowing up logs.")
+        "Do not print non-fatal error reports for unsigned integer overflow. "
+        "Used to provide fuzzing signal without blowing up logs.")
diff --git a/compiler-rt/lib/ubsan/ubsan_handlers.cc b/compiler-rt/lib/ubsan/ubsan_handlers.cc
@@ -119,7 +119,9 @@ static void handleIntegerOverflowImpl(OverflowData *Data, ValueHandle LHS,
   if (ignoreReport(Loc, Opts, ET))
     return;
 
-  if (!IsSigned && flags()->silence_unsigned_overflow)
+  // If this is an unsigned overflow in non-fatal mode, potentially ignore it.
+  if (!IsSigned && !Opts.FromUnrecoverableHandler &&
+      flags()->silence_unsigned_overflow)
     return;
 
   ScopedReport R(Opts, Loc, ET);

diff --git a/compiler-rt/test/ubsan/TestCases/Integer/no-recover.cpp b/compiler-rt/test/ubsan/TestCases/Integer/no-recover.cpp
@@ -1,7 +1,9 @@
 // RUN: %clangxx -fsanitize=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
 // RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=all -fsanitize-recover=unsigned-integer-overflow %s -o %t && %run %t 2>&1 | FileCheck %s --check-prefix=RECOVER
 // RUN: %env_ubsan_opts=silence_unsigned_overflow=1 %run %t 2>&1 | FileCheck %s --check-prefix=SILENT-RECOVER --allow-empty
-// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
+// RUN: %clangxx -fsanitize=unsigned-integer-overflow -fno-sanitize-recover=unsigned-integer-overflow %s -o %t
+// RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
+// RUN: %env_ubsan_opts=silence_unsigned_overflow=1 not %run %t 2>&1 | FileCheck %s --check-prefix=ABORT
 
 #include <stdint.h>