Hi Mark, > But it would help if you replied to the original > reviews and/or mentioned how the different versions of your patch have > changed since the last time.
I did but it looks like those emails didn't pass the spam filter. I'll try to figure out what happened there. Sorry about that! > As far as I can see you only changed the > commit message a little this time. That's correct. I tried to explain in the commit message why `--disable-undefined` is implemented as a standalone option. > See how I used it to workaround isssues with the > gcc address sanitizer. You can use it likewise to work around issues > with clang. e.g. the configure check should detect the issue with > --no-undefined and could try if adding -lasan to LDFLAGS helps I saw that patch and I think it should make building elfutils with gcc and running the unit tests under ASan easier. Thanks! But it's based on the assumption that configure controls ASan flags and can change CFLAGS/LDFLAGS however it needs. Unfortunately I can't do that on OSS-Fuzz because all the sanitizer options are passed via CFLAGS there and I can't interfere with those CFLAGS. FWIW it isn't a theoretical issue because elfutils was integrated into OSS-Fuzz in https://github.com/google/oss-fuzz/pull/6944 and has been fuzzed there since then. And there elfutils is also built with MSan as well (which has never been implemented in gcc) and I'm not sure how additional configure options can cover that. I agree that it would be great to make `--enable-sanitize-{undefined,address}` work with clang as well but I think it can be done later on top of `--disable-undefined`. > Do you > know why these issues are flagged? Are there any extra ASAN_OPTIONS > set in these cases? No, there aren't. Those issues are flagged because -fsanitize=undefined in clang by default includes "pointer-overflow" and "vla-bound" (which as far as I know aren't available in gcc)
