Hi On Wed, Jul 16, 2025 at 11:11:13AM +0100, Frank Plowman wrote: > > > On 16/07/2025 18:58, Kacper Michajlow wrote: > > On Tue, 15 Jul 2025 at 00:24, Michael Niedermayer > > wrote: > >> > >> --- > >> configure | 4 ++-- > >> 1 file changed, 2 insertions(+), 2 deletions(-) > >> > >> diff --git a/configure b/configure > >> index fc082d5467e..e568eed55d3 100755 > >> --- a/configure > >> +++ b/configure > >> @@ -4606,8 +4606,8 @@ set >> $logfile > >> test -n "$valgrind" && toolchain="valgrind-memcheck" > >> > >> enabled ossfuzz && ! echo $CFLAGS | grep -q -- "-fsanitize=" && ! echo $CFLAGS | grep -q -- "-fcoverage-mapping" &&{ > >> - add_cflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer > >> - add_ldflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp > >> + add_cflags -fsanitize=fuzzer,address,undefined -fsanitize-memory-track-origins -fno-omit-frame-pointer > >> + add_ldflags -fsanitize=address,undefined > >> } > > > > How about we remove this block of code? Or move it to > > --toolchain=clang-fuzz for local build? In oss-fuzz build environment > > (docker) this flags shouldn't be injected (and are not because of grep > > checks) and instead CFLAGS are used for compile flags and > > --libfuzzer for linking. > > > > - Kacper > > +1 > > I have a patch locally which does something similar. We could add these > flags only to those targets which need to be compiled with libfuzzer, > rather than to all CFLAGS. It saves you having to re-configure if you > want to compile some fftool, then some fuzzer binary or vice-versa. I expect that the code a bug is in needs to be build with the sanitizer and related flags. And that anything that we want fuzzed needs the fuzzer and related flags So that basically means everything needs these flags IIUC in fact even external libs would need them thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Those who are best at talking, realize last or never when they are wrong.