[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

Adam Borowski <kilobyte@angband.pl> writes:
> On Wed, Sep 25, 2013 at 09:38:18AM -0700, Russ Allbery wrote:

>> Programs that don't check the return status of functions that they
>> think won't ever fail are a bit of a pet peeve of mine, in part because
>> it would make a lot of sense for localtime() to be able to fail when
>> the question it was asked is undefined.  But no one ever checks the
>> return status of localtime() for much the same reason that you spell
>> out for not checking the return status of crypt(), which means that
>> localtime() is required by all this legacy code to return arbitrary
>> nonsense instead of an error.

> __attribute__((warn_unused_result))

Now that is an *excellent* idea for crypt().  In fact, I'm surprised that
it's not already tagged with that attribute.  I think I'll suggest that on
libc-alpha.  Thanks!

Doing that for localtime() may be too much of an uphill climb.  :/

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: