Add support for LOCAL_DETECT_INTEGER_OVERFLOWS

Add build system support for LOCAL_DETECT_INTEGER_OVERFLOWS. When enabled,
an attempt to perform an integer arithmetic operation which overflows
will result in a call to abort(). This is intended for security
sensitive code, where integer overflow operations are not expected
nor desirable.

Two classes of underflows/overflows are detected and blocked:

1) Signed integer underflow/overflow.
2) Unsigned integer underflow/overflows.

Signed integer overflows are undefined behavior, according to the
C standard. Unsigned integer overflows are defined behavior, but
still undesirable in security sensitive code.

Only clang is supported today. gcc has -ftrapv for handling signed
integer overflow, but it's widely considered broken
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=35412) and we're
deliberately avoiding its use here.

Change-Id: Ib4918dc84e37e83d4205e5035544545d91671e5f
Vaguely-Related-Bug: 11859726
diff --git a/core/clear_vars.mk b/core/clear_vars.mk
index 48cedce..21b8294 100644
--- a/core/clear_vars.mk
+++ b/core/clear_vars.mk
@@ -151,6 +151,7 @@
 LOCAL_CTS_TEST_RUNNER:=
 LOCAL_CLANG:=
 LOCAL_ADDRESS_SANITIZER:=
+LOCAL_DETECT_INTEGER_OVERFLOWS:=
 LOCAL_JAR_EXCLUDE_FILES:=
 LOCAL_JAR_PACKAGES:=
 LOCAL_JAR_EXCLUDE_PACKAGES:=
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index b116283..563a334 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -105,3 +105,13 @@
   recover_arg := $(subst $(space),$(comma),$(LOCAL_SANITIZE_RECOVER)),
   my_cflags += -fsanitize-recover=$(recover_arg)
 endif
+
+ifeq ($(strip $(LOCAL_DETECT_INTEGER_OVERFLOWS)),true)
+  ifeq ($(my_clang),true)
+    my_cflags += -fsanitize=signed-integer-overflow,unsigned-integer-overflow
+    my_cflags += -ftrap-function=abort
+    my_cflags += -fsanitize-undefined-trap-on-error
+  else
+    $(error $(LOCAL_MODULE): You must enable LOCAL_CLANG:=true to use LOCAL_DETECT_INTEGER_OVERFLOWS)
+  endif
+endif
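Review bot: Any value other than the exact string `true` silently leaves the module without overflow checks, because the outer `ifeq` that opens the added block has no branch for unrecognised values. A module that sets `LOCAL_DETECT_INTEGER_OVERFLOWS := 1` or `True` therefore builds unhardened with no diagnostic. For a security knob it is safer to fail the build, for example with a guard ahead of the block such as `ifneq ($(filter-out true false,$(strip $(LOCAL_DETECT_INTEGER_OVERFLOWS))),)` whose body is an `$(error ...)` naming `$(LOCAL_MODULE)`. It is also worth confirming, on the clang version this tree ships, that `-fsanitize-undefined-trap-on-error` actually applies to `unsigned-integer-overflow` (which is not undefined behaviour) and is not overridden by the `-fsanitize-recover=` line just above; if it is not covered, that check would presumably need the sanitizer runtime instead of reaching abort(). A one-line comment above the block saying the three flags form a unit (enable checks, trap on failure, trap target) would keep a later edit from dropping one of them.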