Fuzzing: build with ASAN as well

Author: alexgeana

.github/workflows/build_and_fuzz.yml

@@ -26,3 +26,35 @@ jobs:
             -DENABLE_STATIC=ON    \
             -B build-msan
           cmake --build build-msan
+
+  fuzz_asan:
+    name: fuzz with AddressSanitizer
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: install dependencies from package management
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt -q -y update
+          apt -q -y install                                                                 \
+            llvm-16 clang-16 lld-16                                                         \
+            build-essential cmake ninja-build pkg-config                                    \
+            libedit-dev libcurl4-openssl-dev libusb-1.0-0-dev gengetopt libpcsclite-dev
+
+      - name: clone the Yubico/yubihsm-shell repository
+        uses: actions/checkout@v3
+        with:
+          path: yubihsm-shell
+
+      - name: do build
+        working-directory: yubihsm-shell
+        run: |
+          cmake
+            -DFUZZING=ON          \
+            -DWITHOUT_MANPAGES=ON \
+            -DDISABLE_LTO=ON      \
+            -DENABLE_STATIC=ON    \
+            -B build-asan
+          cmake --build build-asan

cmake/SecurityFlags.cmake

@@ -4,7 +4,6 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
     CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR
     CMAKE_C_COMPILER_ID STREQUAL "GNU")
 
-    add_compile_options (-Wall -Wextra -Werror)
     add_compile_options (-Wformat -Wformat-nonliteral -Wformat-security)
     add_compile_options (-Wshadow)
     add_compile_options (-Wcast-qual)
@@ -13,6 +12,7 @@ if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
     add_compile_options (-pedantic -pedantic-errors)
     add_compile_options (-fpie -fpic)
     if (NOT FUZZING)
+        add_compile_options (-Wall -Wextra -Werror)
         add_compile_options(-O2)
         add_definitions (-D_FORTIFY_SOURCE=2)
     endif ()