From: Paul Eggert <eggert@cs.ucla.edu>
To: Aaron Ballman <aaron@aaronballman.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>,
Zack Weinberg <zack@owlfolio.org>,
c-std-porting@lists.linux.dev, autoconf@gnu.org, gcc@gcc.gnu.org,
cfe-commits@lists.llvm.org, Gnulib bugs <bug-gnulib@gnu.org>
Subject: Re: How can Autoconf help with the transition to stricter compilation defaults?
Date: Tue, 15 Nov 2022 15:09:19 -0800 [thread overview]
Message-ID: <7ee13f9a-f3e9-8b0b-2b02-64527227fcc1@cs.ucla.edu> (raw)
In-Reply-To: <CAAt6xTtfqGfw7YO2c5130acpnz6dZSfP+J5EzS-523KSQGJCMA@mail.gmail.com>
>> Can you cite any examples of a real-world security flaw what would be
>> found by Clang erroring out because 'char foo(void);' is the wrong
>> prototype? Is it plausible that any such security flaw exists?
> CVE-2006-1174 is a possibly reasonable example.
CVE-2006-1174 is not an example, because no prototype 'char foo(void);'
was involved.[1]
Here's a more concrete proposal that should allay any realistic concerns
about CVEs. If Clang decides to change its behavior in this area, so
that Clang starts to exit with nonzero status if the user declares a
function with a prototype incompatible with the C library, it would be a
service to real users if Clang merely issues a warning and does *not*
error out if the declaration is 'char foo();' (current Autoconf) or
'char foo(void);' (future Autoconf).
This may be a hack, but it's a *good* hack. It's likely to fix
real-world bugs that would be caused if Clang becomes overly pedantic by
default here. And the probability of introducing real-world bugs is
essentially zero.
> You can run into that same bug
> with use of `-Werror`
That's OK, as the Autoconf documentation already says "don't do that".
And if Clang exits with nonzero status in the above situation when
-Werror is specified, that's fine too.
[1] CVE-2006-1174 is not even an example of prototype mismatch, as the
bad C code did not misdeclare the function in question: it used a POSIX
standard include file for the function prototype, which is the standard
way to do things.
next prev parent reply other threads:[~2022-11-15 23:09 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-10 17:16 Zack Weinberg
2022-11-10 17:52 ` Nick Bowler
2022-11-10 17:58 ` Jonathan Wakely
2022-11-10 18:12 ` Jonathan Wakely
2022-11-10 18:44 ` Aaron Ballman
2022-11-12 2:56 ` Zack Weinberg
2022-11-10 18:05 ` Rich Felker
2022-11-10 21:44 ` Florian Weimer
2022-11-12 3:22 ` Zack Weinberg
2022-11-10 18:08 ` Florian Weimer
2022-11-12 3:40 ` Zack Weinberg
2022-11-12 3:43 ` Sam James
2022-11-12 14:27 ` Zack Weinberg
2022-11-12 3:45 ` Joseph Myers
2022-11-12 15:59 ` Wookey
2022-11-12 16:12 ` Zack Weinberg
2022-11-10 18:19 ` Aaron Ballman
2022-11-10 21:05 ` Paul Eggert
2022-11-11 15:11 ` Aaron Ballman
2022-11-13 0:43 ` Paul Eggert
2022-11-14 12:41 ` Aaron Ballman
2022-11-14 18:14 ` Paul Eggert
2022-11-14 18:30 ` Florian Weimer
2022-11-14 18:35 ` Aaron Ballman
2022-11-15 14:50 ` Jonathan Wakely
2022-11-15 19:08 ` Paul Eggert
2022-11-15 19:27 ` Jonathan Wakely
2022-11-15 20:27 ` Paul Eggert
2022-11-15 20:57 ` Aaron Ballman
2022-11-15 23:09 ` Paul Eggert [this message]
2022-11-15 23:43 ` Ben Boeckel
2022-11-16 14:26 ` Michael Matz
2022-11-16 14:40 ` Alexander Monakov
2022-11-16 15:01 ` Michael Matz
2022-11-16 15:27 ` Richard Biener
2022-11-16 15:35 ` Sam James
2022-11-16 15:59 ` Michael Matz
2022-11-16 16:20 ` Jonathan Wakely
2022-11-16 16:34 ` Michael Matz
2022-11-16 16:46 ` Jonathan Wakely
2022-11-16 18:17 ` Paul Eggert
2022-11-16 18:40 ` Jeffrey Walton
2022-11-17 18:45 ` Paul Eggert
2022-11-16 18:59 ` Zack Weinberg
2022-11-17 18:58 ` Paul Eggert
2022-11-17 21:35 ` Bruno Haible
2022-11-17 22:27 ` Paul Eggert
2022-11-17 13:30 ` Michael Matz
2022-11-15 20:36 ` Aaron Ballman
2022-11-15 5:03 ` Sam James
2022-11-15 13:30 ` Zack Weinberg
2022-11-15 13:34 ` Sam James
2022-11-16 0:08 ` Bob Friesenhahn
2022-11-13 0:43 ` Paul Eggert
2022-11-17 13:57 ` Jason Merrill
2022-11-10 20:19 ` Paul Eggert
[not found] ` <d785b19371e8419f5a5817d7cdb429db91614a3a.camel@orlitzky.com>
2022-11-11 3:08 ` Sam James
2022-11-11 3:33 ` Zack Weinberg
2022-11-11 8:40 ` Sam James
2022-11-11 9:02 ` Paul Eggert
2022-11-12 14:09 ` Zack Weinberg
2022-11-11 23:25 ` Sam James
2022-11-12 0:53 ` Paul Eggert
2022-11-12 4:00 ` Sam James
2022-11-11 9:15 ` Sam James
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7ee13f9a-f3e9-8b0b-2b02-64527227fcc1@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=aaron@aaronballman.com \
--cc=autoconf@gnu.org \
--cc=bug-gnulib@gnu.org \
--cc=c-std-porting@lists.linux.dev \
--cc=cfe-commits@lists.llvm.org \
--cc=gcc@gcc.gnu.org \
--cc=jwakely.gcc@gmail.com \
--cc=zack@owlfolio.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).