Add support for LOCAL_DETECT_INTEGER_OVERFLOWS

Add build system support for LOCAL_DETECT_INTEGER_OVERFLOWS. When enabled, an attempt to perform an integer arithmetic operation which overflows will result in a call to abort(). This is intended for security sensitive code, where integer overflow operations are not expected nor desirable. Two classes of underflows/overflows are detected and blocked: 1) Signed integer underflow/overflow. 2) Unsigned integer underflow/overflows. Signed integer overflows are undefined behavior, according to the C standard. Unsigned integer overflows are defined behavior, but still undesirable in security sensitive code. Only clang is supported today. gcc has -ftrapv for handling signed integer overflow, but it's widely considered broken (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35412) and we're deliberately avoiding it's use here. Change-Id: Ib4918dc84e37e83d4205e5035544545d91671e5f Vaguely-Related-Bug: 11859726
2015-06-14 11:38:30 -07:00
parent 46cb2ee3cb
commit 99d92506ac
2 changed files with 11 additions and 0 deletions
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -151,6 +151,7 @@ LOCAL_CTS_TEST_PACKAGE:=
 LOCAL_CTS_TEST_RUNNER:=
 LOCAL_CLANG:=
 LOCAL_ADDRESS_SANITIZER:=
+LOCAL_DETECT_INTEGER_OVERFLOWS:=
 LOCAL_JAR_EXCLUDE_FILES:=
 LOCAL_JAR_PACKAGES:=
 LOCAL_JAR_EXCLUDE_PACKAGES:=
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -105,3 +105,13 @@ ifneq ($(strip $(LOCAL_SANITIZE_RECOVER)),)
  recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
  my_cflags += -fsanitize-recover=$(recover_arg)
 endif
+
+ifeq ($(strip $(LOCAL_DETECT_INTEGER_OVERFLOWS)),true)
+  ifeq ($(my_clang),true)
+    my_cflags += -fsanitize=signed-integer-overflow,unsigned-integer-overflow
+    my_cflags += -ftrap-function=abort
+    my_cflags += -fsanitize-undefined-trap-on-error
+  else
+    $(error $(LOCAL_MODULE): You must enable LOCAL_CLANG:=true to use LOCAL_DETECT_INTEGER_OVERFLOWS)
+  endif
+endif