[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

On Fri, Sep 20, 2013 at 10:01:36PM -0300, Henrique de Moraes Holschuh wrote:
> IMHO: fix everything gcc, llvm and the static testers complain about (which
> can be quite troublesome, as you must be *sure* you're actually fixing the
> issue instead of making it worse by silencing the warning without fixing a
> real bug).

Ubuntu usually decides to silence the warnings instead of fixing the bug.

> I'd also manually check every instance of (at the very least) memcopy,
> *printf, and friends, and run a batch of tests (i.e. use the program) under
> valgrind and other such dynamic behaviour checking tools.

Doesn't gcc or clang already catch calls to *printf and can do
additional checks on it's own?  At least with clang/llvm it should be
trivial to find most of them.


The heart is not a logical organ.
		-- Dr. Janet Wallace, "The Deadly Years", stardate 3479.4

Reply to: