commit 1f1c251a637f42300db0b3f2632ac5b2a475d28d
author Aaron Green <aarongreen@google.com> Thu Apr 16 10:05:43 2020 -0700
committer Aaron Green <aarongreen@google.com> Fri Apr 24 15:22:39 2020 +0000
tree a1408da1e18dc7e3866c5d4f5a5cb8994c49daa9
parent 1fed89ccfdd3c611130827d7ce8f72132f010d1a

Allow-list unsigned integer overflows.

This CL adds the 'no_sanitize("unsigned-integer-overflow")' Clang/LLVM
attribute to several locations that intentionally rely on that behavior.

From https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html: "this
is not undefined behavior, but it is often unintentional." By using an
explicit allow-list, we should still be able to detect the latter case.

Change-Id: I7d7da40c73fd22b6b29196dc4788eb00fca61439
Bug: 190

pw_tokenizer/simple_tokenize_test.cc

diff --git a/pw_tokenizer/simple_tokenize_test.cc b/pw_tokenizer/simple_tokenize_test.cc
index ce84db8..7af8702 100644
--- a/pw_tokenizer/simple_tokenize_test.cc
+++ b/pw_tokenizer/simple_tokenize_test.cc
@@ -23,7 +23,8 @@
 namespace {
 
 template <size_t kSize>
-uint32_t TestHash(const char (&str)[kSize]) {
+uint32_t TestHash(const char (&str)[kSize])
+    PW_NO_SANITIZE("unsigned-integer-overflow") {
   static_assert(kSize > 0u, "Must have at least a null terminator");
 
   static constexpr uint32_t k65599HashConstant = 65599u;
@@ -36,6 +37,8 @@
       std::min(static_cast<size_t>(PW_TOKENIZER_CFG_HASH_LENGTH), kSize - 1);
 
   // Hash all of the characters in the string as unsigned ints.
+  // The coefficient calculation is done modulo 0x100000000, so the unsigned
+  // integer overflows are intentional.
   for (size_t i = 0; i < length; ++i) {
     hash += coefficient * str[i];
     coefficient *= k65599HashConstant;