explicitly guard against zero-length writes to placate UBsan worrying…

… about barely-safe underflow (#41) * explicitly guard against zero-length writes to placate UBsan worrying about barely-safe underflow * upgrade doctest, make quick + dirty sanitize job * clean up, check in * linker: flags before objects * use clang and clang++ on linux sanitize builds
charlesnicholson · Aug 30, 2022 · 5d47458 · 5d47458
1 parent a5d22b1
commit 5d47458
Show file tree

Hide file tree

Showing 5 changed files with 835 additions and 567 deletions.
diff --git a/.github/workflows/presubmit.yml b/.github/workflows/presubmit.yml
@@ -8,6 +8,27 @@ on:
     - cron: '0 2 * * 0'  # Weekly
 
 jobs:
+  sanitize:
+    runs-on: ubuntu-latest
+
+    permissions:
+      packages: read
+
+    container:
+      image: ghcr.io/charlesnicholson/docker-image:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    env:
+      CC: /usr/bin/clang
+      CXX: /usr/bin/clang++
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Build
+        run: COBS_SANITIZE=1 make -j
+
   linux-gcc:
     runs-on: ubuntu-latest
 

diff --git a/Makefile b/Makefile
@@ -22,31 +22,35 @@ LDFLAGS += -m32
 endif
 endif
 
+ifeq ($(COBS_SANITIZE),1)
+CPPFLAGS_SAN += -fsanitize=undefined,address
+LDFLAGS_SAN += -fsanitize=undefined,address
+endif
+
 CPPFLAGS += -Wall -Werror -Wextra
 
 ifeq ($(OS),Darwin)
 CPPFLAGS += -Weverything -Wno-poison-system-directories -Wno-format-pedantic
 endif
 
 CPPFLAGS += -Wno-c++98-compat -Wno-padded
-LDFLAGS +=  -fsanitize=undefined,address
 CFLAGS = --std=c99
 CXXFLAGS = --std=c++17
 
 $(BUILD_DIR)/cobs_unittests: $(OBJS) $(BUILD_DIR)/cobs.c.o Makefile
-	$(CXX) $(OBJS) $(BUILD_DIR)/cobs.c.o -o $@ $(LDFLAGS)
+	$(CXX) $(LDFLAGS) $(LDFLAGS_SAN) $(OBJS) $(BUILD_DIR)/cobs.c.o -o $@
 
 $(BUILD_DIR)/cobs.c.o: cobs.c cobs.h Makefile
-	mkdir -p $(dir $@) && $(CC) $(CPPFLAGS) $(CFLAGS) -fsanitize=undefined,address -c $< -o $@
+	mkdir -p $(dir $@) && $(CC) $(CPPFLAGS) $(CFLAGS) $(CPPFLAGS_SAN) -c $< -o $@
 
 $(BUILD_DIR)/%.c.o: %.c Makefile
-	mkdir -p $(dir $@) && $(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@
+	mkdir -p $(dir $@) && $(CC) $(CPPFLAGS) $(CFLAGS) $(CPPFLAGS_SAN) -c $< -o $@
 
 $(BUILD_DIR)/%.cc.o: %.cc Makefile
-	mkdir -p $(dir $@) && $(CXX) $(CPPFLAGS) $(CXXFLAGS) -c $< -o $@
+	mkdir -p $(dir $@) && $(CXX) $(CPPFLAGS) $(CXXFLAGS) $(CPPFLAGS_SAN) -c $< -o $@
 
 $(BUILD_DIR)/cobs_unittests.timestamp: $(BUILD_DIR)/cobs_unittests
-	$(BUILD_DIR)/cobs_unittests && touch $(BUILD_DIR)/cobs_unittests.timestamp
+	$(BUILD_DIR)/cobs_unittests -m && touch $(BUILD_DIR)/cobs_unittests.timestamp
 
 .PHONY: clean
 

diff --git a/cobs.c b/cobs.c
@@ -89,6 +89,7 @@ cobs_ret_t cobs_encode_inc(cobs_enc_ctx_t *ctx,
   unsigned dst_idx = ctx->cur;
   unsigned const enc_max = ctx->dst_max;
   if ((enc_max - dst_idx) < dec_len) { return COBS_RET_ERR_EXHAUSTED; }
+  if (!dec_len) { return COBS_RET_SUCCESS; }
 
   unsigned dst_code_idx = ctx->code_idx;
   unsigned code = ctx->code;