Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

To: debian-devel@lists.debian.org
Subject: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
From: Adam Borowski <kilobyte@angband.pl>
Date: Wed, 25 Sep 2013 18:42:47 +0200
Message-id: <[🔎] 20130925164247.GA27260@angband.pl>
In-reply-to: <[🔎] 87vc1orh51.fsf@windlord.stanford.edu>
References: <[🔎] 20130920190537.GZ27621@onerussian.com> <[🔎] 20130921051216.GN5094@outflux.net> <[🔎] 20130921124634.GX21512@fmf.nl> <[🔎] 20130921150813.GA21253@outflux.net> <[🔎] loom.20130924T134453-638@post.gmane.org> <[🔎] 87bo3imcj2.fsf@windlord.stanford.edu> <[🔎] loom.20130925T134128-696@post.gmane.org> <[🔎] 87vc1orh51.fsf@windlord.stanford.edu>

On Wed, Sep 25, 2013 at 09:38:18AM -0700, Russ Allbery wrote:
> Thorsten Glaser <tg@mirbsd.de> writes:
> > Russ Allbery <rra <at> debian.org> writes:
> Programs that don't check the return status of functions that they think
> won't ever fail are a bit of a pet peeve of mine, in part because it would
> make a lot of sense for localtime() to be able to fail when the question
> it was asked is undefined.  But no one ever checks the return status of
> localtime() for much the same reason that you spell out for not checking
> the return status of crypt(), which means that localtime() is required by
> all this legacy code to return arbitrary nonsense instead of an error.

__attribute__((warn_unused_result))

-- 
ᛊᚨᚾᛁᛏᚣ᛫ᛁᛊ᛫ᚠᛟᚱ᛫ᚦᛖ᛫ᚹᛖᚨᚲ

Reply to:

Follow-Ups:
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Russ Allbery <rra@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Yaroslav Halchenko <debian@onerussian.com>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Kees Cook <kees@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Bas Wijnen <wijnen@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Kees Cook <kees@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Russ Allbery <rra@debian.org>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Thorsten Glaser <tg@mirbsd.de>
- Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Next by Date: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Previous by thread: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Next by thread: Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Index(es):
- Date
- Thread