gl.cc not built with ASan
Categories
(Core :: Graphics: WebRender, enhancement, P4)
People
(Reporter: tsmith, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: sec-audit)
I think bug 1685439 should have been caught by ASan but was not.
I don't think sanitizer build flags are being passed properly but someone that knows this code better would know for sure.
Comment 1•4 years ago
(In reply to Tyson Smith [:tsmith] from comment #0)
I think bug 1685439 should have been caught by ASan but was not.
I don't think sanitizer build flags are being passed properly but someone that knows this code better would know for sure.
I would appreciate if this was not marked as a sec issue and refiled as just a normal build issue against SWGL, since this doesn't really represent a sec issue as such. It would be easier to get more eyeballs on it that way. It's just a TODO item since gl.cc is built separately on purpose using the rust CC crate.
Comment 2•4 years ago
Comment 3•4 years ago
(In reply to Mike Hommey [:glandium] from comment #2)
Just thinking out loud, is there some way we could detect in the build.rs for SWGL that we are trying to do an ASAN build, and just have the build.rs manually chuck on the flag in this case as-needed?
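A sketch of the build.rs detection that comment 3 asks about, added here as an example; it is not code from this bug or from SWGL. It assumes an ASan build can be recognised from `CARGO_ENCODED_RUSTFLAGS` (the 0x1f-separated rustc flags Cargo gives build scripts) and that the C++ flags arrive in `CXXFLAGS`; the function names are hypothetical and the added flags use the clang/gcc spelling.

```rust
// Added illustration; not SWGL's build.rs. Function names are hypothetical.
// Assumption: ASan is requested through rustc flags visible to the build
// script in CARGO_ENCODED_RUSTFLAGS (arguments separated by 0x1f).

/// True if the rustc flags request AddressSanitizer.
/// Handles `-Zsanitizer=address` and the split form `-Z sanitizer=address`.
fn rust_asan_requested(encoded_rustflags: &str) -> bool {
    let mut prev_was_z = false;
    for arg in encoded_rustflags.split('\x1f') {
        let opt = if prev_was_z { Some(arg) } else { arg.strip_prefix("-Z") };
        prev_was_z = arg == "-Z";
        if let Some(value) = opt.and_then(|o| o.strip_prefix("sanitizer=")) {
            if value.split(',').any(|s| s == "address") {
                return true;
            }
        }
    }
    false
}

/// True if the C/C++ flags already carry -fsanitize=address, so that the
/// build script does not add it a second time.
fn c_asan_present(cflags: &str) -> bool {
    cflags.split_whitespace().any(|f| {
        f.strip_prefix("-fsanitize=")
            .map_or(false, |v| v.split(',').any(|s| s == "address"))
    })
}

/// Flags the build script should add to the separate C++ compile.
fn extra_cxx_flags(encoded_rustflags: &str, cflags: &str) -> Vec<&'static str> {
    if rust_asan_requested(encoded_rustflags) && !c_asan_present(cflags) {
        vec!["-fsanitize=address", "-fno-omit-frame-pointer"]
    } else {
        Vec::new()
    }
}

fn main() {
    let rustflags = std::env::var("CARGO_ENCODED_RUSTFLAGS").unwrap_or_default();
    let cxxflags = std::env::var("CXXFLAGS").unwrap_or_default();
    for flag in extra_cxx_flags(&rustflags, &cxxflags) {
        // In a real build.rs each flag would be handed to cc::Build::flag.
        println!("cargo:warning=adding {} to the C++ build", flag);
    }
}
```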
Comment 4•4 years ago
Note that sanitizer flags are passed down when cross-compiling, so that code should be covered on Windows, Mac and Android asan builds.
Comment 5•3 years ago
Changing severity to S4 because of its nature as an enhancement.