Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
On Fri, Sep 20, 2013 at 09:04:43PM -0400, Yaroslav Halchenko wrote:
> On Fri, 20 Sep 2013, Bastian Blank wrote:
> > On Fri, Sep 20, 2013 at 03:05:37PM -0400, Yaroslav Halchenko wrote:
> > > long story short -- reason was the combination of optimization (-O1 was enough)
> > > + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C standard(s)
> > > in s*printf() functions (man 3 sprintf, search for undefined or NOTES).
> > So the code is already full of undefined behaviour?
> yes, but so far it was (surprisingly) consistent behaviour...
Undefined behaviour includes anything from
- works to
- starts the third world war.
> > > To mitigate this issue, besides reporting upstream, for now I had to disable
> > > this fortification with
> > > DEB_BUILD_HARDENING_FORTIFY := 0
> > > preceding inclusion of /usr/share/hardening-includes/hardening.make
> > I would call code that hits such clear definitions too buggy to be
> > supported.
> yeah -- let's burn it!!!... oh no -- I am using it, so I guess I
> better fix/report bugs ;-)
Did you write a bug-report to remind of this problem? With severity
serious, so it will show up if unfixed?
You! What PLANET is this!
-- McCoy, "The City on the Edge of Forever", stardate 3134.0
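
Added example, not part of the original thread or of the package under discussion: assuming the undefined behaviour meant above is the overlapping source/destination case described in the NOTES of sprintf(3), the C code below shows that pattern in a comment next to a defined way to append to a buffer. `append_fmt` is a hypothetical helper name and the sample strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Undefined: buf is both the destination and a %s argument, so source
 * and destination overlap. Shown for contrast only, never compiled:
 *
 *     sprintf(buf, "%s some further text", buf);
 *
 * The result can change with optimization level and fortification.
 */

/* Hypothetical helper: append formatted text to the NUL-terminated
 * string already in buf (capacity size) by writing at its end, so buf
 * is never read as an argument. The caller must not pass buf among the
 * variadic arguments either.
 * Returns 0 on success; -1 if buf has no terminator within size, on a
 * formatting error, or if the result does not fit (buf is then left
 * with its previous content). */
int append_fmt(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;                  /* not terminated inside the buffer */
    size_t used = (size_t)(end - buf);

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';           /* undo the truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[32] = "hello";         /* constructed sample input */
    if (append_fmt(buf, sizeof buf, " %s %d", "world", 2013) == 0)
        puts(buf);
    return 0;
}
```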