Added new control flow sanitizer option

StableCoder · StableCoder · commit 2effa76b3a2e · 2022-01-23T19:38:39.000-05:00
Updated both the sanitizer file for adding the flag and the README.
diff --git a/README.md b/README.md
@@ -84,6 +84,7 @@ A quick rundown of the tools available, and what they do:
     - Division by zero
     - Unreachable code
 - [MemorySanitizer](https://clang.llvm.org/docs/MemorySanitizer.html) detects uninitialized reads.
+- [Control Flow Integrity](https://clang.llvm.org/docs/ControlFlowIntegrity.html) is designed to detect certain forms of undefined behaviour that can potentially allow attackers to subvert the program's control flow.
 
 These are used by declaring the `USE_SANITIZER` CMake variable as string containing any of:
 - Address
@@ -92,6 +93,7 @@ These are used by declaring the `USE_SANITIZER` CMake variable as string contain
 - Undefined
 - Thread
 - Leak
+- CFI
 
 Multiple values are allowed, e.g. `-DUSE_SANITIZER=Address,Leak` but some sanitizers cannot be combined together, e.g.`-DUSE_SANITIZER=Address,Memory` will result in configuration error. The delimeter character is not required and `-DUSE_SANITIZER=AddressLeak` would work as well.
 
diff --git a/sanitizers.cmake b/sanitizers.cmake
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2018 by George Cave - gcave@stablecoder.ca
+# Copyright (C) 2018-2022 by George Cave - gcave@stablecoder.ca
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may not
 # use this file except in compliance with the License. You may obtain a copy of
@@ -19,7 +19,7 @@ set(USE_SANITIZER
     ""
     CACHE
       STRING
-      "Compile with a sanitizer. Options are: Address, Memory, MemoryWithOrigins, Undefined, Thread, Leak, 'Address;Undefined'"
+      "Compile with a sanitizer. Options are: Address, Memory, MemoryWithOrigins, Undefined, Thread, Leak, 'Address;Undefined', CFI"
 )
 
 function(append value)
@@ -126,6 +126,18 @@ if(USE_SANITIZER)
       endif()
     endif()
 
+    if(USE_SANITIZER MATCHES "([Cc][Ff][Ii])")
+      message(STATUS "Testing with Control Flow Integrity(CFI) sanitizer")
+      set(SANITIZER_CFI_FLAG "-fsanitize=cfi")
+      test_san_flags(SANITIZER_CFI_AVAILABLE ${SANITIZER_CFI_FLAG})
+      if (SANITIZER_CFI_AVAILABLE)
+        message(STATUS "  Building with Control Flow Integrity(CFI) sanitizer")
+        append("${SANITIZER_LEAK_FLAG}" SANITIZER_SELECTED_FLAGS)
+      else()
+        message(FATAL_ERROR "Control Flow Integrity(CFI) sanitizer not available for ${CMAKE_CXX_COMPILER}")
+      endif()
+    endif()
+
     message(STATUS "Sanitizer flags: ${SANITIZER_SELECTED_FLAGS}")
     test_san_flags(SANITIZER_SELECTED_COMPATIBLE ${SANITIZER_SELECTED_FLAGS})
     if (SANITIZER_SELECTED_COMPATIBLE)
