Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Adam Borowski <kilobyte@angband.pl> writes:
> On Wed, Sep 25, 2013 at 09:38:18AM -0700, Russ Allbery wrote:
>> Programs that don't check the return status of functions that they
>> think won't ever fail are a bit of a pet peeve of mine, in part because
>> it would make a lot of sense for localtime() to be able to fail when
>> the question it was asked is undefined. But no one ever checks the
>> return status of localtime() for much the same reason that you spell
>> out for not checking the return status of crypt(), which means that
>> localtime() is required by all this legacy code to return arbitrary
>> nonsense instead of an error.
> __attribute__((warn_unused_result))
Now that is an *excellent* idea for crypt(). In fact, I'm surprised that
it's not already tagged with that attribute. I think I'll suggest that on
libc-alpha. Thanks!
Doing that for localtime() may be too much of an uphill climb. :/
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: