On Fri, Mar 03, 2023 at 08:44:33AM -0700, Nathan Chancellor wrote: > On Thu, Mar 02, 2023 at 02:54:45PM -0800, Kees Cook wrote: > > [...] > > config CC_HAS_UBSAN_ARRAY_BOUNDS > > def_bool $(cc-option,-fsanitize=array-bounds) > > + help > > + The -fsanitize=array-bounds option is only available on Clang, > > + and is actually composed of two more specific options, > > + -fsanitize=array-bounds and -fsanitize=local-bounds. However, > > + -fsanitize=local-bounds can only be used when trap mode is > > + enabled. (See also the help for CONFIG_LOCAL_BOUNDS.) > > The first sentence does not read right to me, you have array-bounds > twice. I think the first one wants to be just bounds? Oops, yes. I rewrote that a few times and seem to have gotten lost. I think it is better written as: Under Clang, the -fsanitize=bounds option is actually composed of two more specific options, -fsanitize=array-bounds and -fsanitize=local-bounds. However, -fsanitize=local-bounds can only be used when trap mode is enabled. (See also the help for CONFIG_LOCAL_BOUNDS.) Explicitly check for -fsanitize=array-bounds so that we can build up the options needed for UBSAN_BOUNDS with or without UBSAN_TRAP. -- Kees Cook
