Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
On Fri, 20 Sep 2013, Russ Allbery wrote:
> Yaroslav Halchenko <firstname.lastname@example.org> writes:
> > long story short -- reason was the combination of optimization (-O1 was
> > enough) + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C
> > standard(s) in s*printf() functions (man 3 sprintf, search for undefined
> > or NOTES).
> So basically a variation of the old problem of calling memcpy when one
> meant to use memmove. I'm actually surprised that type of call to sprintf
> ever worked reliably with optimization, even without _FORTIFY_SOURCE.
> But, like memcpy vs. memmove, it's the sort of thing that's horribly
> difficult to debug.
yeah... and imagine this little utility being a part of a big script and
then you only usually see the end-result being "strange" ;)
For anyone interested in validation of computing pipelines I would like
to introduce you to a project of your fellow DD Michael Hanke:
https://testkraut.readthedocs.org/en/latest/ which apparently we
ourselves yet underutilizing in NeuroDebian... but I guess will
will start using now sooner than later. The main gist of it is to
provide unified yet very flexible framework for (but not limited to)
Results are 'fingerprinted' so they could be easily
compared/analyzed to verify/compare the performance of tools and
complete pipelines in a generic fashion.
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419