Merge branch 'wip/asan' into 'master'

Add AddressSanitizer and UBSan support

See merge request dbus/dbus!57

Reviewed-by: pwithnall

16 files changed, 190 insertions, 55 deletions

diff --git a/bus/Makefile.am b/bus/Makefile.am
index d7408049..fe0f92b1 100644
--- a/bus/Makefile.am
+++ b/bus/Makefile.am
@@ -38,6 +38,7 @@ AM_LDFLAGS = @R_DYNAMIC_LDFLAG@
 
 AM_CFLAGS = \
 	$(CODE_COVERAGE_CFLAGS) \
+	$(SANITIZE_CFLAGS) \
 	$(NULL)
 
 EFENCE=
diff --git a/cmake/test/CMakeLists.txt b/cmake/test/CMakeLists.txt
index 28ba7cba..dc83f772 100644
--- a/cmake/test/CMakeLists.txt
+++ b/cmake/test/CMakeLists.txt
@@ -7,6 +7,8 @@ add_definitions(${DBUS_INTERNAL_CLIENT_DEFINITIONS})
 set(DBUS_SESSION_BUS_LISTEN_ADDRESS ${TEST_LISTEN})
 
 add_library(dbus-testutils STATIC
+    ${TEST_DIR}/disable-crash-handling.c
+    ${TEST_DIR}/disable-crash-handling.h
     ${TEST_DIR}/test-utils.h
     ${TEST_DIR}/test-utils.c
 )
@@ -46,7 +48,12 @@ set (test-exit_SOURCES
     ${TEST_DIR}/test-exit.c
 )
 
+# We have to compile a separate copy of disable-crash-handling.c for
+# test-segfault rather than using the libdbus-testutils library, because
+# otherwise it would fail to link when using the AddressSanitizer.
 set (test-segfault_SOURCES
+    ${TEST_DIR}/disable-crash-handling.c
+    ${TEST_DIR}/disable-crash-handling.h
     ${TEST_DIR}/test-segfault.c
 )
 
@@ -70,7 +77,10 @@ add_test_executable(test-printf ${TEST_DIR}/internals/printf.c dbus-testutils)
 add_helper_executable(test-shell-service ${test-shell-service_SOURCES} dbus-testutils)
 add_helper_executable(test-spawn ${test-spawn_SOURCES} ${DBUS_INTERNAL_LIBRARIES})
 add_helper_executable(test-exit ${test-exit_SOURCES} ${DBUS_INTERNAL_LIBRARIES})
-add_helper_executable(test-segfault ${test-segfault_SOURCES} ${DBUS_INTERNAL_LIBRARIES})
+# the second argument of add_helper_executable() is a whitespace-separated
+# list of source files and the third and subsequent arguments are libraries
+# to link, hence the quoting here
+add_helper_executable(test-segfault "${test-segfault_SOURCES}")
 add_helper_executable(test-sleep-forever ${test-sleep-forever_SOURCES} ${DBUS_INTERNAL_LIBRARIES})
 add_helper_executable(manual-tcp ${manual-tcp_SOURCES} ${DBUS_INTERNAL_LIBRARIES})
 add_helper_executable(manual-backtrace ${TEST_DIR}/manual-backtrace.c dbus-1)
diff --git a/configure.ac b/configure.ac
index 5723ae48..4636062a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1224,6 +1224,9 @@ CFLAGS="$EXTRA_CFLAGS $CFLAGS"
 CXXFLAGS="$EXTRA_CXXFLAGS $CXXFLAGS"
 LDFLAGS="$EXTRA_LDFLAGS $LDFLAGS"
 
+AC_ARG_VAR([SANITIZE_CFLAGS],
+           [Extra CFLAGS for modules that are instrumented for error-checking])
+
 case $host_os in
     solaris*)
         # Solaris' C library apparently needs these runes to be threadsafe...
diff --git a/dbus/Makefile.am b/dbus/Makefile.am
index c003b399..f9561bef 100644
--- a/dbus/Makefile.am
+++ b/dbus/Makefile.am
@@ -17,6 +17,7 @@ AM_CPPFLAGS = \
 
 AM_CFLAGS = \
 	$(CODE_COVERAGE_CFLAGS) \
+	$(SANITIZE_CFLAGS) \
 	$(NULL)
 
 if HAVE_VISIBILITY
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 3e74cf17..0f6106aa 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -1587,28 +1587,3 @@ _dbus_daemon_report_stopping (void)
   sd_notify (0, "STOPPING=1");
 #endif
 }
-
-/**
- * Try to disable core dumps and similar special crash handling.
- */
-void
-_dbus_disable_crash_handling (void)
-{
-#ifdef HAVE_SETRLIMIT
-  /* No core dumps please, we know we crashed. */
-  struct rlimit r = { 0, };
-
-  getrlimit (RLIMIT_CORE, &r);
-  r.rlim_cur = 0;
-  setrlimit (RLIMIT_CORE, &r);
-#endif
-
-#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
-  /* Really, no core dumps please. On Linux, if core_pattern is
-   * set to a pipe (for abrt/apport/corekeeper/etc.), RLIMIT_CORE of 0
-   * is ignored (deliberately, so people can debug init(8) and other
-   * early stuff); but Linux has PR_SET_DUMPABLE, so we can avoid core
-   * dumps anyway. */
-  prctl (PR_SET_DUMPABLE, 0, 0, 0, 0);
-#endif
-}
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
index 0182b6b1..fc356908 100644
--- a/dbus/dbus-sysdeps-util-win.c
+++ b/dbus/dbus-sysdeps-util-win.c
@@ -1688,27 +1688,3 @@ _dbus_win_stderr_win_error (const char    *app,
   fprintf (stderr, "%s: %s: %s\n", app, message, error.message);
   dbus_error_free (&error);
 }
-
-static int exception_handler (LPEXCEPTION_POINTERS p) _DBUS_GNUC_NORETURN;
-
-static int
-exception_handler (LPEXCEPTION_POINTERS p)
-{
-  ExitProcess (0xc0000005);
-}
-
-/**
- * Try to disable core dumps and similar special crash handling.
- */
-void
-_dbus_disable_crash_handling (void)
-{
-  /* Disable Windows popup dialog when an app crashes so that app quits
-   * immediately with error code instead of waiting for user to dismiss
-   * the dialog.  */
-  DWORD dwMode = SetErrorMode (SEM_NOGPFAULTERRORBOX);
-
-  SetErrorMode (dwMode | SEM_NOGPFAULTERRORBOX);
-  /* Disable "just in time" debugger */
-  SetUnhandledExceptionFilter ((LPTOP_LEVEL_EXCEPTION_FILTER) &exception_handler);
-}
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index 9965c6e4..fa20219e 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -732,8 +732,6 @@ void _dbus_combine_tcp_errors (DBusList **sources,
                                const char *port,
                                DBusError *dest);
 
-void _dbus_disable_crash_handling (void);
-
 /** @} */
 
 DBUS_END_DECLS
diff --git a/test/Makefile.am b/test/Makefile.am
index baec9639..b8df15ac 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -23,11 +23,14 @@ AM_LDFLAGS = @R_DYNAMIC_LDFLAG@
 
 AM_CFLAGS = \
 	$(CODE_COVERAGE_CFLAGS) \
+	$(SANITIZE_CFLAGS) \
 	$(NULL)
 
 noinst_LTLIBRARIES = libdbus-testutils.la
 
 libdbus_testutils_la_SOURCES = \
+	disable-crash-handling.c \
+	disable-crash-handling.h \
 	test-utils.c \
 	test-utils.h \
 	$(NULL)
@@ -89,6 +92,12 @@ endif !DBUS_ENABLE_EMBEDDED_TESTS
 
 noinst_PROGRAMS= $(TEST_BINARIES)
 
+# This helper is meant to crash, so if we're compiling the rest with
+# AddressSanitizer, we need to stop it from catching the SIGSEGV and
+# turning it into _exit(1); so don't give it SANITIZE_CFLAGS.
+# CODE_COVERAGE_CFLAGS are fairly pointless here, too.
+test_segfault_CFLAGS =
+
 test_service_LDADD = libdbus-testutils.la
 test_names_LDADD = libdbus-testutils.la
 ## break_loader_LDADD = $(top_builddir)/dbus/libdbus-internal.la
@@ -107,8 +116,14 @@ test_printf_LDADD = $(top_builddir)/dbus/libdbus-internal.la
 test_refs_SOURCES = internals/refs.c
 test_refs_LDADD = libdbus-testutils.la $(GLIB_LIBS)
 
-test_segfault_SOURCES = test-segfault.c
-test_segfault_LDADD = $(top_builddir)/dbus/libdbus-internal.la
+# We have to compile a separate copy of disable-crash-handling.c for
+# test-segfault rather than using libdbus-testutils.la, because
+# otherwise it would fail to link when using the AddressSanitizer.
+test_segfault_SOURCES = \
+	disable-crash-handling.c \
+	disable-crash-handling.h \
+	test-segfault.c \
+	$(NULL)
 
 test_server_oom_SOURCES = internals/server-oom.c
 test_server_oom_LDADD = libdbus-testutils.la $(GLIB_LIBS)
diff --git a/test/disable-crash-handling.c b/test/disable-crash-handling.c
new file mode 100644
index 00000000..14295071
--- /dev/null
+++ b/test/disable-crash-handling.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2003 Red Hat, Inc.
+ * Copyright 2007-2016 Ralf Habacker
+ * Copyright 2014-2018 Collabora Ltd.
+ * Copyright 2016 Yiyang Fei
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+/*
+ * This test utility function is separated from test-utils.h because it
+ * needs to be used by test-segfault, which deliberately crashes itself.
+ *
+ * test-segfault can't be linked to non-self-contained dbus code because
+ * we want to avoid building it with the AddressSanitizer even if we are
+ * using the AddressSanitizer for the rest of dbus, so that the
+ * AddressSanitizer doesn't turn raise(SIGSEGV) into the equivalent of
+ * _exit(1), causing the test that uses test-segfault to see an unexpected
+ * exit status.
+ */
+
+#include "config.h"
+#include "disable-crash-handling.h"
+
+#ifdef DBUS_WIN
+
+#include <stdio.h>
+#include <windows.h>
+
+#include <dbus/dbus-macros.h>
+
+static int exception_handler (LPEXCEPTION_POINTERS p) _DBUS_GNUC_NORETURN;
+
+static int
+exception_handler (LPEXCEPTION_POINTERS p)
+{
+  ExitProcess (0xc0000005);
+}
+
+/**
+ * Try to disable core dumps and similar special crash handling.
+ */
+void
+_dbus_disable_crash_handling (void)
+{
+  /* Disable Windows popup dialog when an app crashes so that app quits
+   * immediately with error code instead of waiting for user to dismiss
+   * the dialog.  */
+  DWORD dwMode = SetErrorMode (SEM_NOGPFAULTERRORBOX);
+
+  SetErrorMode (dwMode | SEM_NOGPFAULTERRORBOX);
+  /* Disable "just in time" debugger */
+  SetUnhandledExceptionFilter ((LPTOP_LEVEL_EXCEPTION_FILTER) &exception_handler);
+}
+
+#else /* !DBUS_WIN */
+
+#ifdef HAVE_SYS_PRCTL_H
+#include <sys/prctl.h>
+#endif
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+
+/**
+ * Try to disable core dumps and similar special crash handling.
+ */
+void
+_dbus_disable_crash_handling (void)
+{
+#ifdef HAVE_SETRLIMIT
+  /* No core dumps please, we know we crashed. */
+  struct rlimit r = { 0, };
+
+  getrlimit (RLIMIT_CORE, &r);
+  r.rlim_cur = 0;
+  setrlimit (RLIMIT_CORE, &r);
+#endif
+
+#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+  /* Really, no core dumps please. On Linux, if core_pattern is
+   * set to a pipe (for abrt/apport/corekeeper/etc.), RLIMIT_CORE of 0
+   * is ignored (deliberately, so people can debug init(8) and other
+   * early stuff); but Linux has PR_SET_DUMPABLE, so we can avoid core
+   * dumps anyway. */
+  prctl (PR_SET_DUMPABLE, 0, 0, 0, 0);
+#endif
+}
+
+#endif /* !DBUS_WIN */
diff --git a/test/disable-crash-handling.h b/test/disable-crash-handling.h
new file mode 100644
index 00000000..28ca33cf
--- /dev/null
+++ b/test/disable-crash-handling.h
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2003 Red Hat, Inc.
+ * Copyright 2007-2016 Ralf Habacker
+ * Copyright 2014-2018 Collabora Ltd.
+ * Copyright 2016 Yiyang Fei
+ *
+ * Licensed under the Academic Free License version 2.1
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef TEST_DISABLE_CRASH_HANDLING_H
+#define TEST_DISABLE_CRASH_HANDLING_H
+
+void _dbus_disable_crash_handling (void);
+
+#endif
diff --git a/test/internals/assertions.c b/test/internals/assertions.c
index 92f905c8..d1360e0f 100644
--- a/test/internals/assertions.c
+++ b/test/internals/assertions.c
@@ -26,6 +26,7 @@
 
 #include <dbus/dbus.h>
 #include "dbus/dbus-internals.h"
+#include "disable-crash-handling.h"
 #include "test-utils-glib.h"
 
 typedef struct
diff --git a/test/name-test/Makefile.am b/test/name-test/Makefile.am
index ea63e579..280eb8ea 100644
--- a/test/name-test/Makefile.am
+++ b/test/name-test/Makefile.am
@@ -7,6 +7,7 @@ AM_CPPFLAGS = \
 
 AM_CFLAGS = \
 	$(CODE_COVERAGE_CFLAGS) \
+	$(SANITIZE_CFLAGS) \
 	$(NULL)
 
 # if assertions are enabled, improve backtraces
diff --git a/test/test-segfault.c b/test/test-segfault.c
index a11d45b2..5c559ccb 100644
--- a/test/test-segfault.c
+++ b/test/test-segfault.c
@@ -5,7 +5,7 @@
 #include <signal.h>
 #endif
 
-#include "dbus/dbus-sysdeps.h"
+#include "disable-crash-handling.h"
 
 int
 main (int argc, char **argv)
diff --git a/test/test-utils-glib.c b/test/test-utils-glib.c
index 04d98aa5..083c9bfc 100644
--- a/test/test-utils-glib.c
+++ b/test/test-utils-glib.c
@@ -576,6 +576,8 @@ static void
 set_timeout (guint factor)
 {
   static guint timeout = 0;
+  const gchar *env_factor_str;
+  guint64 env_factor = 1;
 
   /* Prevent tests from hanging forever. This is intended to be long enough
    * that any reasonable regression test on any reasonable hardware would
@@ -588,6 +590,18 @@ set_timeout (guint factor)
   if (RUNNING_ON_VALGRIND)
     factor = factor * 10;
 
+  env_factor_str = g_getenv ("DBUS_TEST_TIMEOUT_MULTIPLIER");
+
+  if (env_factor_str != NULL)
+    {
+      env_factor = g_ascii_strtoull (env_factor_str, NULL, 10);
+
+      if (env_factor == 0)
+        g_error ("Invalid DBUS_TEST_TIMEOUT_MULTIPLIER %s", env_factor_str);
+
+      factor = factor * env_factor;
+    }
+
   timeout = g_timeout_add_seconds (TIMEOUT * factor, time_out, NULL);
 #ifdef G_OS_UNIX
   /* The GLib main loop might not be running (we don't use it in every
diff --git a/tools/Makefile.am b/tools/Makefile.am
index f3450030..85dcba64 100644
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -8,6 +8,7 @@ AM_CPPFLAGS = \
 
 AM_CFLAGS = \
 	$(CODE_COVERAGE_CFLAGS) \
+	$(SANITIZE_CFLAGS) \
 	$(NULL)
 
 # if assertions are enabled, improve backtraces
diff --git a/tools/ci-build.sh b/tools/ci-build.sh
index e98a8fe5..8e22f84d 100755
--- a/tools/ci-build.sh
+++ b/tools/ci-build.sh
@@ -150,6 +150,7 @@ case "$ci_buildsys" in
                     *)
                         set "$@" --enable-containers
                         set "$@" --enable-user-session
+                        set "$@" SANITIZE_CFLAGS="-fsanitize=address -fsanitize=undefined -fPIE -pie"
                         ;;
                 esac
                 shift