Closed Bug 1790763 Opened 3 years ago Closed 2 years ago

Overhaul NSS UBSan check selection

Categories

(NSS :: Libraries, enhancement, P1)

Product:
NSS
Component:
Libraries
Version:
3.8.3
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: leander.schwarz, Assigned: djackson)

References

Details

(Keywords: sec-other)

Attachments

(1 file)

Bug 1790763 - Enable default UBSan Checks. r=mt
48 bytes, text/x-phabricator-request
Details | Review

NSS UBSan builds currently have the following undefined behavior checks enabled by default (set in sanitizers.sh):

bool,signed-integer-overflow,shift,vptr

These are a small subset of all available checks, as well as a partial subset of the default Firefox UBSan build checks:

bool,bounds,enum,function,integer-divide-by-zero,object-size,pointer-overflow,return,vla-bound

The checks have been last updated in NSS 3.29 / 2017 and there has already been a undetected undefined behavior in NSS, which would have been detected with the 'pointer-overflow' check enabled.

=> The same default UBSan checks as in the Firefox builds should probably be enabled.

Assignee: nobody → djackson
Duplicate of this bug: 1640071

I spent some time looking at this and I think we can enable the default UBSan checks with a small amount of work. There's two outstanding issues which I've filed child bugs for. Further progress is blocked until fix up the current issues with the CI.

Attachment #9313748 - Attachment description: WIP: Bug 1790763 - WIP - Enable default UBSan Checks, except enum range and null argument passing. → Bug 1790763 - Enable default UBSan Checks. r=mt

https://hg.mozilla.org/projects/nss/rev/013b4b6ad803f083aa1ad89200e395dcd16fae7d

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Group: crypto-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: