Re: [FFmpeg-devel] [PATCH 2/2] configure: Use -fno-sanitize-recover - Vitaly Buka via ffmpeg-devel

From: Vitaly Buka via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Vitaly Buka <vitalybuka@google.com>
Subject: Re: [FFmpeg-devel] [PATCH 2/2] configure: Use -fno-sanitize-recover
Date: Fri, 17 Jan 2025 14:53:39 -0800
Message-ID: <CAPjTjwvcoVPJrZXfFCj4_JzHMGAB8Y2zZANFQ8OeAknsV-nSuQ@mail.gmail.com> (raw)
In-Reply-To: <f6a9d750-fc9b-457b-9099-436fa36c0547@frankplowman.com>

My confusion here is that it looks like ffmpeg developers care about UB, I
see from time to time large cleanups, but there are a bunch of unfixed
reports.
Maybe forcing no-recover by default will improve this situation?

On Fri, Jan 17, 2025 at 11:57 AM Frank Plowman <post@frankplowman.com>
wrote:

> On 16/01/2025 19:12, Vitaly Buka via ffmpeg-devel wrote:
> > UBSAN by default is just prints a mesage and
> > moves on. This hides a few UBs in fate-suite.
> >
> > Signed-off-by: Vitaly Buka <vitalybuka@google.com>
> > ---
> >  configure                     | 4 ++--
> >  libavcodec/aacenc_pred.c      | 1 +
> >  libavcodec/ffv1dec.c          | 1 +
> >  libavcodec/ffv1enc_template.c | 1 +
> >  libavcodec/get_bits.h         | 1 +
> >  libavcodec/indeo3.c           | 2 +-
> >  libavcodec/motion_est.c       | 1 +
> >  libavcodec/mss2dsp.c          | 1 +
> >  libavcodec/opus/dec.c         | 1 +
> >  libavcodec/snow.h             | 1 +
> >  libavcodec/svq1enc.c          | 1 +
> >  libavfilter/vf_curves.c       | 1 +
> >  libavfilter/vf_overlay.c      | 1 +
> >  libavformat/mov.c             | 1 +
> >  libswscale/input.c            | 6 ++++++
> >  libswscale/output.c           | 4 ++++
> >  libswscale/swscale_unscaled.c | 3 +++
> >  17 files changed, 28 insertions(+), 3 deletions(-)
> >
> > diff --git a/configure b/configure
> > index 3a1e72e1c6..f2b4fd2c62 100755
> > --- a/configure
> > +++ b/configure
> > @@ -4568,7 +4568,7 @@ set >> $logfile
> >  test -n "$valgrind" && toolchain="valgrind-memcheck"
> >
> >  enabled ossfuzz && ! echo $CFLAGS | grep -q -- "-fsanitize="  && ! echo
> $CFLAGS | grep -q -- "-fcoverage-mapping" &&{
> > -    add_cflags  -fsanitize=address,undefined
> -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer
> > +    add_cflags  -fsanitize=address,undefined
> -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer
> -fno-sanitize-recover=all
> >      add_ldflags -fsanitize=address,undefined
> -fsanitize-coverage=trace-pc-guard,trace-cmp
> >  }
> >
> > @@ -4591,7 +4591,7 @@ add_sanitizer_flags(){
> >              add_ldflags -fsanitize=thread
> >          ;;
> >          usan)
> > -            add_cflags  -fsanitize=undefined
> > +            add_cflags  -fsanitize=undefined -fno-sanitize-recover=all
>
> I agree it would be good to return a nonzero exit code on detecting
> undefined behaviour when running FATE, but this sets the flag for any
> --toolchain=*-usan configuration.  Personally, I would find it a little
> unexpected that compiling with --toolchain=*-usan results in anything
> but the default behaviour of UBSAN, and one might wish to use UBSAN
> without the flag when testing manually.  As an alternative, what about
> instead setting UBSAN_OPTIONS=halt_on_error=1 only when running the FATE
> suite or fuzzing?
>
> --
> Frank
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".