From 8be83e4d6f383fda7114fd381066c9cccdff6d92 Mon Sep 17 00:00:00 2001
From: Uilian Ries <uilianr@jfrog.com>
Date: Fri, 14 Nov 2025 09:20:30 +0100
Subject: [PATCH 1/5] Add custom build type for Sanitizers

Signed-off-by: Uilian Ries <uilianr@jfrog.com>
---
 security/sanitizers.rst | 61 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 58 insertions(+), 3 deletions(-)

diff --git a/security/sanitizers.rst b/security/sanitizers.rst
index 6a0cbf5f5a63..b73bebda9936 100644
--- a/security/sanitizers.rst
+++ b/security/sanitizers.rst
@@ -260,8 +260,8 @@ during the build process. It is necessary to pass the expected sanitizer flags a
 Conan's built-in toolchains (like ``CMakeToolchain`` and ``MesonToolchain``) will automatically
 pick up the flags defined in the ``[conf]`` section and apply them to the build.
 
-Managing sanitizers with a CMake toolchain
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+Managing sanitizers with a custom CMake toolchain
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Besides using Conan profiles to manage sanitizer settings, you can also use other approaches.
 
@@ -293,7 +293,7 @@ Then, specify this toolchain file as part of your Conan profile:
    compiler.sanitizer=AddressUndefinedBehavior
 
    [conf]
-   tools.cmake.cmaketoolchain:user_toolchain=cmake/my_toolchain.cmake
+   tools.cmake.cmaketoolchain:user_toolchain=["<path_to>/cmake/my_toolchain.cmake"]
 
 This way, you can keep your existing CMake toolchain file and still leverage Conan profiles to manage other settings.
 
@@ -301,6 +301,61 @@ Note that this approach only works if all dependencies are built using CMake and
 If you have dependencies using other build systems (e.g., Meson, Autotools), those dependencies will not receive the sanitizer flags
 defined in your custom CMake toolchain file.
 
+Managing sanitizers as a custom CMake Build Type
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Similar to managing sanitizers with a custom CMake toolchain, but without ``compiler.sanitizer`` custom settings,
+is to define sanitizers as part of a custom CMake build type. This way, you can select the desired sanitizer configuration
+by specifying the build type during the CMake configuration step.
+To achieve this, you can create a custom CMake toolchain file that maps build types to sanitizer flags. For example:
+
+.. code-block:: cmake
+   :caption: cmake/sanitizer_toolchain.cmake
+
+   if(CMAKE_BUILD_TYPE STREQUAL "DebugASan")
+       set(SANITIZER_FLAGS "-fsanitize=address -fno-omit-frame-pointer")
+   elseif(CMAKE_BUILD_TYPE STREQUAL "DebugUBSan")
+       set(SANITIZER_FLAGS "-fsanitize=undefined -fno-omit-frame-pointer")
+   elseif(CMAKE_BUILD_TYPE STREQUAL "DebugASanUBSan")
+       set(SANITIZER_FLAGS "-fsanitize=address,undefined -fno-omit-frame-pointer")
+   else()
+       set(SANITIZER_FLAGS "")
+   endif()
+
+   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${SANITIZER_FLAGS}")
+   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SANITIZER_FLAGS}")
+   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${SANITIZER_FLAGS}")
+   set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${SANITIZER_FLAGS}")
+
+Also, you will need to update your ``settings_user.yml`` to include the new build types:
+
+.. code-block:: yaml
+   :caption: settings_user.yml
+   :emphasize-lines: 1
+
+   build_type: [DebugASan, DebugUBSan, DebugASanUBSan,]
+
+Then, in your Conan profile, specify this toolchain file:
+
+.. code-block:: ini
+   :caption: profiles/gcc_asan_ubsan
+
+   [settings]
+   arch=x86_64
+   os=Linux
+   build_type=DebugASan
+   compiler=gcc
+   compiler.cppstd=gnu20
+   compiler.libcxx=libstdc++11
+   compiler.version=15
+
+   [conf]
+   tools.cmake.cmaketoolchain:user_toolchain=["<path_to>/sanitizer_toolchain.cmake"]
+
+
+Using this approach, you can easily switch between different sanitizer configurations and standard build types,
+preserving the package ID differentiation based on the build type.
+
 Practical Usage Examples
 ------------------------
 

From 5311a8aeb4696c725ba5265bdc4143bb628224df Mon Sep 17 00:00:00 2001
From: Uilian Ries <uilianr@jfrog.com>
Date: Fri, 14 Nov 2025 09:49:59 +0100
Subject: [PATCH 2/5] Add -g flag to Debug toolchain

Signed-off-by: Uilian Ries <uilianr@jfrog.com>
---
 security/sanitizers.rst | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/sanitizers.rst b/security/sanitizers.rst
index b73bebda9936..cf418bf648af 100644
--- a/security/sanitizers.rst
+++ b/security/sanitizers.rst
@@ -313,11 +313,11 @@ To achieve this, you can create a custom CMake toolchain file that maps build ty
    :caption: cmake/sanitizer_toolchain.cmake
 
    if(CMAKE_BUILD_TYPE STREQUAL "DebugASan")
-       set(SANITIZER_FLAGS "-fsanitize=address -fno-omit-frame-pointer")
+       set(SANITIZER_FLAGS "-g -fsanitize=address -fno-omit-frame-pointer")
    elseif(CMAKE_BUILD_TYPE STREQUAL "DebugUBSan")
-       set(SANITIZER_FLAGS "-fsanitize=undefined -fno-omit-frame-pointer")
+       set(SANITIZER_FLAGS "-g -fsanitize=undefined -fno-omit-frame-pointer")
    elseif(CMAKE_BUILD_TYPE STREQUAL "DebugASanUBSan")
-       set(SANITIZER_FLAGS "-fsanitize=address,undefined -fno-omit-frame-pointer")
+       set(SANITIZER_FLAGS "-g -fsanitize=address,undefined -fno-omit-frame-pointer")
    else()
        set(SANITIZER_FLAGS "")
    endif()

From 47bc9f743d3983485de4a2ececc81f518d402e10 Mon Sep 17 00:00:00 2001
From: Uilian Ries <uilianr@jfrog.com>
Date: Fri, 14 Nov 2025 10:11:00 +0100
Subject: [PATCH 3/5] Add note about manually managing compiler flags

Signed-off-by: Uilian Ries <uilianr@jfrog.com>
---
 security/sanitizers.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/security/sanitizers.rst b/security/sanitizers.rst
index cf418bf648af..743c42ebafe4 100644
--- a/security/sanitizers.rst
+++ b/security/sanitizers.rst
@@ -352,6 +352,10 @@ Then, in your Conan profile, specify this toolchain file:
    [conf]
    tools.cmake.cmaketoolchain:user_toolchain=["<path_to>/sanitizer_toolchain.cmake"]
 
+Be aware that this approach uses a custom build type, as a result, Conan will not automatically
+apply the standard flags associated with the Debug build type. Therefore, in your custom toolchain file,
+you need to also define the flags that correspond to the desired based build type, for example, that ``-g``
+flag that matches the Debug ``build_type`` in gcc-like compilers.
 
 Using this approach, you can easily switch between different sanitizer configurations and standard build types,
 preserving the package ID differentiation based on the build type.

From c9eaf84767dae5dbeedb7406e806dc2842278e72 Mon Sep 17 00:00:00 2001
From: Uilian Ries <uilianries@gmail.com>
Date: Fri, 14 Nov 2025 11:12:48 +0100
Subject: [PATCH 4/5] Simplify list

Co-authored-by: Carlos Zoido <mrgalleta@gmail.com>
---
 security/sanitizers.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/sanitizers.rst b/security/sanitizers.rst
index 743c42ebafe4..5c7ed313c671 100644
--- a/security/sanitizers.rst
+++ b/security/sanitizers.rst
@@ -333,7 +333,7 @@ Also, you will need to update your ``settings_user.yml`` to include the new buil
    :caption: settings_user.yml
    :emphasize-lines: 1
 
-   build_type: [DebugASan, DebugUBSan, DebugASanUBSan,]
+   build_type: [DebugASan, DebugUBSan, DebugASanUBSan]
 
 Then, in your Conan profile, specify this toolchain file:
 

From 411661b8407605509824f11e5c5e5129228bdee6 Mon Sep 17 00:00:00 2001
From: Uilian Ries <uilianries@gmail.com>
Date: Fri, 14 Nov 2025 11:13:25 +0100
Subject: [PATCH 5/5] Update description section

Co-authored-by: Carlos Zoido <mrgalleta@gmail.com>
---
 security/sanitizers.rst | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/security/sanitizers.rst b/security/sanitizers.rst
index 5c7ed313c671..f0a0e1e61ef3 100644
--- a/security/sanitizers.rst
+++ b/security/sanitizers.rst
@@ -304,9 +304,7 @@ defined in your custom CMake toolchain file.
 Managing sanitizers as a custom CMake Build Type
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Similar to managing sanitizers with a custom CMake toolchain, but without ``compiler.sanitizer`` custom settings,
-is to define sanitizers as part of a custom CMake build type. This way, you can select the desired sanitizer configuration
-by specifying the build type during the CMake configuration step.
+Another option, without using the custom ``compiler.sanitizer`` setting, is to define sanitizers as a custom CMake build type. In this approach, you select the sanitizer configuration by choosing the build type during the CMake configure step.
 To achieve this, you can create a custom CMake toolchain file that maps build types to sanitizer flags. For example:
 
 .. code-block:: cmake