From: Jonathan Wakely <jwakely@redhat.com>
To: "François Dumont" <frs.dumont@gmail.com>
Cc: "libstdc++@gcc.gnu.org" <libstdc++@gcc.gnu.org>,
gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH][_GLIBCXX_DEBUG] libbacktrace integration
Date: Wed, 5 May 2021 11:01:06 +0100 [thread overview]
Message-ID: <20210505100106.GT3008@redhat.com> (raw)
In-Reply-To: <48846543-8644-d37d-0339-3b999147a8bc@gmail.com>
On 04/05/21 08:03 +0200, François Dumont wrote:
>On 03/05/21 11:06 pm, Jonathan Wakely wrote:
>>On 03/05/21 22:17 +0200, François Dumont via Libstdc++ wrote:
>>>Is it too early to consider this patch ? Or just lack of time ?
>>
>>I haven't had time to review it yet, but my general feeling hasn't
>>changed. I still don't like the idea of executing additional code
>>after undefined behaviour is detected. I've been convinced by glibc
>>folk that every bit of code run when the program state is corrupt
>>increases the risk that it can be exploited by an attacker.
>>
>>
>>
>Ok, I must have miss (or forgot) this feedback.
See https://gcc.gnu.org/pipermail/libstdc++/2018-December/048061.html
>Well, isn't it the current situation of the whole _GLIBCXX_DEBUG mode ?
Yes, but adding more code makes it worse.
>For me _GLIBCXX_DEBUG mode purpose is to detect UB situation and to
>assert _before_ any UB code is run.
Yes, it stops running the user code, but then runs its own code to
format the message to show to the user. The more code that runs when
the program is in an inconsistent/undefined state, the more likely it
is that some of that code can be exploited to do something bad.
>Moreover it is optional. This is a feature to use when _GLIBCXX_DEBUG
>is telling you that you have a problem in your code but you just
>cannot find where it is called.
Which you can do with a debugger. When debug mode calls abort() it
will stop the program in a debugger, or produce a core file that can
be examined in a debugger.
The stacktrace is a convenience, not providing anything that couldn't
be done already.
Anyway, I'll review the patch...
next prev parent reply other threads:[~2021-05-05 10:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-24 13:46 François Dumont
2021-05-03 20:17 ` François Dumont
2021-05-03 21:06 ` Jonathan Wakely
2021-05-04 6:03 ` François Dumont
2021-05-05 10:01 ` Jonathan Wakely [this message]
2021-05-05 11:33 ` Jonathan Wakely
2021-05-07 14:26 ` Jonathan Wakely
2021-05-09 15:03 ` François Dumont
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210505100106.GT3008@redhat.com \
--to=jwakely@redhat.com \
--cc=frs.dumont@gmail.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=libstdc++@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).