From 462efe90b2a12ab3bee6460d89eb7560809d8cdd Mon Sep 17 00:00:00 2001
From: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>
Date: Fri, 24 Apr 2026 16:22:46 +0100
Subject: [PATCH] code review fixes

Signed-off-by: Pratik Mankawde <3397372+pratikmankawde@users.noreply.github.com>
---
 .github/scripts/strategy-matrix/generate.py | 18 ++++++++++--------
 sanitizers/suppressions/ubsan.supp | 17 +++++++++--------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/.github/scripts/strategy-matrix/generate.py b/.github/scripts/strategy-matrix/generate.py
index 39696101ac..dec41a2610 100755
--- a/.github/scripts/strategy-matrix/generate.py
+++ b/.github/scripts/strategy-matrix/generate.py
@@ -51,14 +51,15 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
 # Only generate a subset of configurations in PRs.
 if not all:
 # Debian:
- # - Bookworm using GCC 13: Release on linux/amd64, set the reference
- # fee to 500.
- # - Bookworm using GCC 15: Debug on linux/amd64, enable code
- # coverage (which will be done below).
+ # - Bookworm using GCC 13: Debug on linux/amd64, set the reference
+ # fee to 500 and enable code coverage (which will be done below).
+ # - Bookworm using GCC 15: Debug on linux/amd64, enable Address and
+ # UB sanitizers (which will be done below).
 # - Bookworm using Clang 16: Debug on linux/amd64, enable voidstar.
 # - Bookworm using Clang 17: Release on linux/amd64, set the
 # reference fee to 1000.
- # - Bookworm using Clang 20: Debug on linux/amd64.
+ # - Bookworm using Clang 20: Debug on linux/amd64, enable Address
+ # and UB sanitizers (which will be done below).
 if os["distro_name"] == "debian":
 skip = True
 if os["distro_version"] == "bookworm":
@@ -193,8 +194,8 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
 ):
 continue

- # Enable code coverage for Debian Bookworm using GCC 15 in Debug on
- # linux/amd64
+ # Enable code coverage for Debian Bookworm using GCC 13 in Debug on
+ # linux/amd64.
 if (
 f"{os['distro_name']}-{os['distro_version']}" == "debian-bookworm"
 and f"{os['compiler_name']}-{os['compiler_version']}" == "gcc-13"
@@ -234,7 +235,8 @@ def generate_strategy_matrix(all: bool, config: Config) -> list:
 # Add the configuration to the list, with the most unique fields first,
 # so that they are easier to identify in the GitHub Actions UI, as long
 # names get truncated.
- # Add Address and Thread (both coupled with UB) sanitizers for specific bookworm distros.
+ # Add Address and UB sanitizers as separate configurations for specific
+ # bookworm distros. Thread sanitizer is currently disabled (see below).
 # GCC-Asan xrpld-embedded tests are failing because of https://github.com/google/sanitizers/issues/856
 if os[
 "distro_version"
diff --git a/sanitizers/suppressions/ubsan.supp b/sanitizers/suppressions/ubsan.supp
index 852138f0d7..88d8e82e33 100644
--- a/sanitizers/suppressions/ubsan.supp
+++ b/sanitizers/suppressions/ubsan.supp
@@ -91,8 +91,8 @@ unsigned-integer-overflow:rocks*/*/table/block_based/block_based_table_builder.c
 unsigned-integer-overflow:rocks*/*/table/block_based/reader_common.cc
 unsigned-integer-overflow:rocks*/*/db/version_set.cc
 alignment:rocks*/*/util/crc32c_arm64.cc
-undefined:rocks.*/*/util/crc32c_arm64.cc
-undefined:rocks.*/*/util/xxhash.h
+undefined:rocks*/*/util/crc32c_arm64.cc
+undefined:rocks*/*/util/xxhash.h

 # nudb intentional overflows in hash functions
 unsigned-integer-overflow:nudb/detail/xxhash.hpp
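Review bot: In the third generate.py hunk (`@@ -234,7 +235,8 @@`), the new comment records that Thread sanitizer is disabled but not why, so nothing in the lines shown prompts anyone to restore race-detection coverage in CI. The comment line that follows it handles the GCC ASan failure better by linking the upstream issue; the same form would work here, e.g. `# Thread sanitizer is disabled pending [tracking issue URL]; re-enable once fixed.` The `if os[` statement this comment introduces runs past the end of the hunk, so the "see below" target may already carry the reason; naming it at this point is still clearer than a bare pointer.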
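Review bot: The two corrected `undefined:` entries in the first ubsan.supp hunk (`@@ -91,8 +91,8 @@`) should be checked against a real UBSan report before they are kept. Dropping the `.` brings them in line with the glob-style `rocks*/*/...` patterns around them, which suggests the old `rocks.*` forms never matched; if the sanitizer build was clean while they were dead, they may not be needed, and an unneeded suppression only hides later findings. As far as I know UBSan looks a suppression up by the specific check name of the report, so `undefined:` may not behave as a catch-all. If these files do trip a check, naming it the way the neighbouring line does (`alignment:rocks*/*/util/crc32c_arm64.cc`) keeps the entry as narrow as the finding.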
@@ -128,18 +128,19 @@ unsigned-integer-overflow:__chrono/duration.h
 # Signed integer negation (-value) in amount types.
 # INT64_MIN cannot occur in practice due to domain invariants (mantissa ranges
 # are well within int64_t bounds), but UBSan flags the pattern as potential
-# signed overflow.
-signed-integer-overflow:IOUAmount
-signed-integer-overflow:XRPAmount
-signed-integer-overflow:MPTAmount
-signed-integer-overflow:STAmount
+# signed overflow. Narrowed to operator- to avoid suppressing unrelated
+# overflows anywhere in a stack trace containing these type names.
+signed-integer-overflow:operator-*IOUAmount*
+signed-integer-overflow:operator-*XRPAmount*
+signed-integer-overflow:operator-*MPTAmount*
+signed-integer-overflow:operator-*STAmount*

 # STAmount::operator+ signed addition — operands are bounded by total supply
 # (~10^17 for XRP, ~10^18 for MPT) so overflow cannot occur in practice.
 signed-integer-overflow:operator+*STAmount*

 # STAmount::getRate uses unsigned shift and addition
-unsigned-integer-overflow:getRate*
+unsigned-integer-overflow:*STAmount*getRate*

 # STAmount::serialize uses unsigned bitwise operations
 unsigned-integer-overflow:*STAmount*serialize*
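Review bot: The narrowed pattern `signed-integer-overflow:operator-*IOUAmount*` (and the XRPAmount, MPTAmount and STAmount lines after it) may be both too narrow and too wide for the unary negation the comment describes. It requires the type name to come after `operator-` in the symbolized function name, which fits a free function taking the type as an argument; if negation is a member on any of these types (not visible in this hunk), the name would read like `IOUAmount::operator-() const` and the entry would stop matching, whereas `*STAmount*getRate*` in the same hunk puts the type first. In the other direction, `operator-*` also matches binary subtraction and `operator-=`, which the INT64_MIN argument in the comment does not cover. I would check each line against an actual report and, where the operator is a member, anchor on the call form, e.g. `signed-integer-overflow:*IOUAmount::operator-()*` (to be confirmed against the symbolizer's output).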