fix: disable unsigned integer overflow sanitization in build configurations

FYI: from https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html

`-fsanitize=unsigned-integer-overflow`: Unsigned integer overflow, where the result of an unsigned integer computation cannot be represented in its type. Unlike signed integer overflow, this is not undefined behavior, but it is often unintentional. This sanitizer does not check for lossy implicit conversions performed before such a computation.

It brings a more common question: which is better, pre-additional-check or post-additional-check to fix a potential unsigned integer overflow? A pre-additional-check involves using a check to prevent integer overflow from the very beginning. A post-additional-check involves using a check after addition to see if there is an overflow.

In this project, post-additional-checking is widely used. let's follow the routine.

for performance sensitive logic, use __builtin_add_overflow etc. provide something like https://github.com/yamt/toywasm/blob/9a5622791e99395e26e6e96cef830af3d91a1685/lib/platform.h#L176-L191 and encourage the use of them.

ref. #4549 (comment)

Author: lum1n0us

build-scripts/config_common.cmake

@@ -196,7 +196,10 @@ if (NOT WAMR_BUILD_SANITIZER STREQUAL "")
     message(FATAL_ERROR "Unsupported sanitizers: ${INVALID_SANITIZERS}")
   endif()
   # common flags for all sanitizers
-  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O0 -fno-omit-frame-pointer -fno-sanitize-recover=all -fno-sanitize=alignment")
+  if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize=unsigned-integer-overflow")
+  endif()
   if(SANITIZER_FLAGS)
     string(REPLACE ";" "," SANITIZER_FLAGS_STR "${SANITIZER_FLAGS}")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=${SANITIZER_FLAGS_STR}")

tests/fuzz/wasm-mutator-fuzz/aot-compiler/CMakeLists.txt

@@ -67,17 +67,7 @@ target_link_directories(aotclib PUBLIC ${LLVM_LIBRARY_DIR})
 
 target_link_libraries(aotclib PUBLIC ${REQUIRED_LLVM_LIBS})
 
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for aotclib")
-  target_compile_options(aotclib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(aotclib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()
-
 add_executable(aot_compiler_fuzz aot_compiler_fuzz.cc)
 target_link_libraries(aot_compiler_fuzz PRIVATE stdc++ aotclib)
+
+include(${CMAKE_CURRENT_LIST_DIR}/../sanitizer_flags.cmake)

tests/fuzz/wasm-mutator-fuzz/sanitizer_flags.cmake

@@ -0,0 +1,25 @@
+if(NOT IN_OSS_FUZZ)
+  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
+
+  add_compile_options(-fprofile-instr-generate -fcoverage-mapping)
+
+  #
+  # Sync up with the content of infra/base-images/base-builder/Dockerfile in oss-fuzz
+  #
+
+  # SANITIZER_FLAGS_address
+  add_compile_options(-fsanitize=address -fsanitize-address-use-after-scope)
+
+  # SANITIZER_FLAGS_undefined
+  add_compile_options(
+    -fsanitize=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unsigned-integer-overflow,unreachable,vla-bound,vptr
+    -fno-sanitize-recover=array-bounds,bool,builtin,enum,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr
+  )
+
+  add_link_options(-fsanitize=address,undefined -fprofile-instr-generate)
+endif()
+
+# Always disable unsigned-integer-overflow 
+if(CMAKE_C_COMPILER_ID MATCHES ".*Clang")
+  add_compile_options(-fno-sanitize=unsigned-integer-overflow)
+endif()

tests/fuzz/wasm-mutator-fuzz/wasm-mutator/CMakeLists.txt

@@ -57,14 +57,4 @@ target_link_libraries(vmlib PUBLIC ${REQUIRED_LLVM_LIBS})
 add_executable(wasm_mutator_fuzz wasm_mutator_fuzz.cc)
 target_link_libraries(wasm_mutator_fuzz PRIVATE vmlib m)
 
-if(NOT IN_OSS_FUZZ)
-  message(STATUS "Enable ASan and UBSan in non-oss-fuzz environment for vmlib")
-  target_compile_options(vmlib PUBLIC
-    -fprofile-instr-generate -fcoverage-mapping
-    -fno-sanitize-recover=all
-    -fsanitize=address,undefined
-    -fsanitize=float-divide-by-zero,unsigned-integer-overflow,local-bounds,nullability
-    -fno-sanitize=alignment
-  )
-  target_link_options(vmlib PUBLIC -fsanitize=address,undefined -fprofile-instr-generate)
-endif()
+include(${CMAKE_CURRENT_LIST_DIR}/../sanitizer_flags.cmake)