From d9551db089e01d08db4198d7cef4aaecc878b9ea Mon Sep 17 00:00:00 2001
From: George Burgess IV <gbiv@google.com>
Date: Thu, 17 Aug 2017 18:51:02 -0700
Subject: [PATCH] Disable FORTIFY on ASAN builds

FORTIFY's *_chk functions mess with ASAN's library function
interceptors, which can apparently result in false-positives.

Since adding even more complexity to every run-time check condition in
FORTIFY doesn't seem like a great idea, and the majority of our builds
will still use FORTIFY anyway, turning FORTIFY off here seems
reasonable.

Bug: 63104159
Test: checkbuild on internal master + CtsBionicTestCases. No new
failures.

Change-Id: Id32e551e28ee70a9815ad140c3253b86f03de63f
---
 libc/include/sys/cdefs.h | 15 ++++++++++++---
 tests/Android.bp         | 20 ++++++++++++++++++++
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index 71d84260f..58eebc575 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -239,9 +239,18 @@
 
 #define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
 
-#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
-      (defined(__clang__) || (defined(__OPTIMIZE__) && __OPTIMIZE__ > 0))
-#  define __BIONIC_FORTIFY 1
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
+#  if defined(__clang__)
+/* FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors. */
+#    if !__has_feature(address_sanitizer)
+#      define __BIONIC_FORTIFY 1
+#    endif
+#  elif defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
+#    define __BIONIC_FORTIFY 1
+#  endif
+#endif
+
+#if defined(__BIONIC_FORTIFY)
 #  if _FORTIFY_SOURCE == 2
 #    define __bos_level 1
 #  else
diff --git a/tests/Android.bp b/tests/Android.bp
index 084d39329..ea3f39f2a 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -192,6 +192,26 @@ cc_defaults {
     },
 }
 
+// If building this fails, then we have both FORTIFY and ASAN enabled, which
+// isn't desirable. (Ideally, we'd emit FORTIFY diagnostics even with ASAN
+// enabled, but that's not a reality today.) This is meant to be otherwise
+// unused.
+cc_test_library {
+    name: "fortify_disabled_for_asan",
+    cflags: [
+        "-Werror",
+        "-D_FORTIFY_SOURCE=2",
+        // "sanitize: address" doesn't work on platforms where libasan isn't
+        // enabled. Since the intent is just to build this, we can get away with
+        // passing this flag on its own.
+        "-fsanitize=address",
+    ],
+    // Ignore that we don't have ASAN symbols linked in.
+    allow_undefined_symbols: true,
+    srcs: ["fortify_compilation_test.cpp"],
+    clang: true,
+}
+
 cc_test_library {
     name: "libfortify1-tests-clang",
     defaults: ["bionic_fortify_tests_defaults", "bionic_tests_defaults"],