build: Add a new build flag, use_cfi_icall.

build/config/sanitizers/sanitizers.gni

 # Copyright 2015 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 import("//build/config/chrome_build.gni")
 import("//build/toolchain/toolchain.gni")
 
 declare_args() {
   # Compile for Address Sanitizer to find memory bugs.
   is_asan = false
@@ skipping 44 matching lines @@
   #
   # TODO(pcc): Remove this flag if/when CFI is enabled in all official builds.
   is_cfi = target_os == "linux" && !is_chromeos && target_cpu == "x64" &&
            is_official_build && allow_posix_link_time_opt
 
   # Enable checks for bad casts: derived cast and unrelated cast.
   # TODO(krasin): remove this, when we're ready to add these checks by default.
   # https://crbug.com/626794
   use_cfi_cast = false
 
+  # Enable checks for indirect function calls via a function pointer.
+  # TODO(pcc): remove this when we're ready to add these checks by default.
+  # https://crbug.com/701919
+  use_cfi_icall = false
+
   # By default, Control Flow Integrity will crash the program if it detects a
   # violation. Set this to true to print detailed diagnostics instead.
   use_cfi_diag = false
 
   # Compile for fuzzing with LLVM LibFuzzer.
   # See http://www.chromium.org/developers/testing/libfuzzer
   use_libfuzzer = false
 
   # Compile for fuzzing with AFL.
   use_afl = false
@@ skipping 108 matching lines @@
 assert(!is_debug || !(is_msan || is_ubsan || is_ubsan_null || is_ubsan_vptr),
        "Sanitizers should generally be used in release (set is_debug=false).")
 
 assert(!is_msan || (is_linux && current_cpu == "x64"),
        "MSan currently only works on 64-bit Linux and ChromeOS builds.")
 
 # ASAN build on Windows is not working in debug mode. Intercepting memory
 # allocation functions is hard on Windows and not yet implemented in LLVM.
 assert(!is_win || !is_debug || !is_asan,
        "ASan on Windows doesn't work in debug (set is_debug=false).")