From b744914fcb76d70761f1b667de95841b3fc80a56 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Sat, 9 Jan 2021 00:36:05 +1100
Subject: [PATCH] Add test against Graphene hardened malloc.

---
 .github/setup_ci.sh         | 12 +++++++++++-
 .github/workflows/c-cpp.yml |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 61349be11..2d489b7ed 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -40,7 +40,10 @@ for TARGET in $TARGETS; do
     "--with-selinux")
         PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
         ;;
-    *) echo "Invalid option"
+    "--with-ldflags=-lhardened_malloc")
+        INSTALL_HARDENED_MALLOC=yes
+       ;;
+    *) echo "Invalid option '${TARGET}'"
         exit 1
         ;;
     esac
@@ -56,3 +59,10 @@ if [ "x" != "x$PACKAGES" ]; then
     sudo apt update -qq
     sudo apt install -qy $PACKAGES
 fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+    (cd ${HOME} &&
+     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+     cd ${HOME}/hardened_malloc &&
+     make && sudo cp libhardened_malloc.so /usr/lib/)
+fi
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index 5c5dd6bd8..c019d96e7 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -16,6 +16,7 @@ jobs:
         configs:
         - ""
         - "--with-kerberos5 --with-libedit --with-pam --with-security-key-builtin --with-selinux"
+        - "--with-ldflags=-lhardened_malloc"
 
     steps:
     - uses: actions/checkout@v2