diff mbox series

[2/2] libselinux: harden availability check against user CFLAGS

Message ID 20241120131004.58662-2-cgoettsche@seltendoof.de (mailing list archive)
State New
Headers show
Series [1/2] libsepol: harden availability check against user CFLAGS | expand

Commit Message

Christian Göttsche Nov. 20, 2024, 1:10 p.m. UTC 
From: Christian Göttsche <cgzones@googlemail.com>

If CFLAGS set by the user contains the warnings override
`-Wno-error=implicit-function-declaration` the availability check does
not work properly.  Explicitly enable and treat this warnings as failure
by appending the appropriate flag.

Also include CPPFLAGS in the check.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
Triggered by oss-fuzz which uses

    afl-clang-fast  -O1   -fno-omit-frame-pointer   -gline-tables-only   -Wno-error=enum-constexpr-conversion   -Wno-error=incompatible-function-pointer-types   -Wno-error=int-conversion   -Wno-error=deprecated-declarations   -Wno-error=implicit-function-declaration   -Wno-error=implicit-int   -Wno-error=vla-cxx-extension   -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address -fsanitize-address-use-after-scope

Build log:
https://oss-fuzz-build-logs.storage.googleapis.com/log-88d68963-9439-4745-9541-840f6e1f7307.txt
---
 libselinux/src/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 41cfbdca..d73df767 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -104,13 +104,13 @@  override CFLAGS += -I../include -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
 
 # check for strlcpy(3) availability
 H := \#
-ifeq (yes,$(shell printf '${H}include <string.h>\nint main(void){char d[2];const char *s="a";return (size_t)strlcpy(d,s,sizeof(d))>=sizeof(d);}' | $(CC) $(CFLAGS) $(LDFLAGS) -x c -o /dev/null - >/dev/null 2>&1 && echo yes))
+ifeq (yes,$(shell printf '${H}include <string.h>\nint main(void){char d[2];const char *s="a";return (size_t)strlcpy(d,s,sizeof(d))>=sizeof(d);}' | $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -Werror=implicit-function-declaration -x c -o /dev/null - >/dev/null 2>&1 && echo yes))
 override CFLAGS += -DHAVE_STRLCPY
 endif
 
 # check for reallocarray(3) availability
 H := \#
-ifeq (yes,$(shell printf '${H}include <stdlib.h>\nint main(void){return reallocarray(NULL,0,0)==NULL;}' | $(CC) $(CFLAGS) $(LDFLAGS) -x c -o /dev/null - >/dev/null 2>&1 && echo yes))
+ifeq (yes,$(shell printf '${H}include <stdlib.h>\nint main(void){return reallocarray(NULL,0,0)==NULL;}' | $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -Werror=implicit-function-declaration -x c -o /dev/null - >/dev/null 2>&1 && echo yes))
 override CFLAGS += -DHAVE_REALLOCARRAY
 endif