diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h index 71d84260f..58eebc575 100644 --- a/libc/include/sys/cdefs.h +++ b/libc/include/sys/cdefs.h @@ -239,9 +239,18 @@ #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1) -#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \ - (defined(__clang__) || (defined(__OPTIMIZE__) && __OPTIMIZE__ > 0)) -# define __BIONIC_FORTIFY 1 +#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 +# if defined(__clang__) +/* FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors. */ +# if !__has_feature(address_sanitizer) +# define __BIONIC_FORTIFY 1 +# endif +# elif defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 +# define __BIONIC_FORTIFY 1 +# endif +#endif + +#if defined(__BIONIC_FORTIFY) # if _FORTIFY_SOURCE == 2 # define __bos_level 1 # else diff --git a/tests/Android.bp b/tests/Android.bp index 084d39329..ea3f39f2a 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -192,6 +192,26 @@ cc_defaults { }, } +// If building this fails, then we have both FORTIFY and ASAN enabled, which +// isn't desirable. (Ideally, we'd emit FORTIFY diagnostics even with ASAN +// enabled, but that's not a reality today.) This is meant to be otherwise +// unused. +cc_test_library { + name: "fortify_disabled_for_asan", + cflags: [ + "-Werror", + "-D_FORTIFY_SOURCE=2", + // "sanitize: address" doesn't work on platforms where libasan isn't + // enabled. Since the intent is just to build this, we can get away with + // passing this flag on its own. + "-fsanitize=address", + ], + // Ignore that we don't have ASAN symbols linked in. + allow_undefined_symbols: true, + srcs: ["fortify_compilation_test.cpp"], + clang: true, +} + cc_test_library { name: "libfortify1-tests-clang", defaults: ["bionic_fortify_tests_defaults", "bionic_tests_defaults"],