Google Git
Sign in
bazel / bazel / e132653ead5e50f4226dbff7776466fef1918f49
commite132653ead5e50f4226dbff7776466fef1918f49[log] [tgz]
authorChirag Ramani <chirag.ramani7@gmail.com>Mon Feb 06 20:15:09 2023 -0800
committerCopybara-Service <copybara-worker@google.com>Mon Feb 06 20:16:40 2023 -0800
tree9f94ad9b63c862deb00c3584f955a693fa01f6d8
parent6b853e687b79e4cd49e3f98d2998bcdf8f6e7a33 [diff]
Remove O1 from sanitizer feature flag defaults

This PR removes `-O1` from the current set of sanitizer related feature flags defaults.

**Context and Repro**
1. Heap buffer overflow in the following code block is not caught by asan.

example.cc
```
#include <cstdlib>

int main(int argc, char **argv) {
  int *array = new int[100];
  array[0] = 0;
  int res = array[argc + 100];  // BOOM
  delete [] array;
  return res;
}
```
BUILD
```
cc_binary(
  name = 'example',
  srcs = ['example.cc'],
  features = ['asan'],
)
```
execute:
```
bazel run :example
```

**Expectation:**
Address sanitizer should detect and report heap buffer overflow.

But this doesn't happen in the above case. It is because of O1 being applied by default and since this is added at the last, it also overrides explicit copts passed(O0). It would be nice if the optimization level is a bit de-coupled from the default group here.

Closes #17355.

PiperOrigin-RevId: 507658773
Change-Id: I3aa4fb92a2dc271cbbedfc6f05e72a8a9b2aba09
2 files changed
tree: 9f94ad9b63c862deb00c3584f955a693fa01f6d8
  1. .bazelci/
  2. .github/
  3. examples/
  4. scripts/
  5. site/
  6. src/
  7. third_party/
  8. tools/
  9. .bazelrc
  10. .gitattributes
  11. .gitignore
  12. AUTHORS
  13. BUILD
  14. CHANGELOG.md
  15. CODE_OF_CONDUCT.md
  16. CODEOWNERS
  17. combine_distfiles.py
  18. combine_distfiles_to_tar.sh
  19. compile.sh
  20. CONTRIBUTING.md
  21. CONTRIBUTORS
  22. distdir.bzl
  23. distdir_deps.bzl
  24. LICENSE
  25. maven_install.json
  26. MODULE.bazel
  27. README.md
  28. SECURITY.md
  29. WORKSPACE
  30. WORKSPACE.bzlmod
README.md

Bazel

{Fast, Correct} - Choose two

Build and test software of any size, quickly and reliably.

  • Speed up your builds and tests: Bazel rebuilds only what is necessary. With advanced local and distributed caching, optimized dependency analysis and parallel execution, you get fast and incremental builds.

  • One tool, multiple languages: Build and test Java, C++, Android, iOS, Go, and a wide variety of other language platforms. Bazel runs on Windows, macOS, and Linux.

  • Scalable: Bazel helps you scale your organization, codebase, and continuous integration solution. It handles codebases of any size, in multiple repositories or a huge monorepo.

  • Extensible to your needs: Easily add support for new languages and platforms with Bazel's familiar extension language. Share and re-use language rules written by the growing Bazel community.

Getting Started

Documentation

Reporting a Vulnerability

To report a security issue, please email security@bazel.build with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Contributing to Bazel

See CONTRIBUTING.md

Build status