about -Wstack-protector

Matthieu Patou mat at samba.org
Wed Nov 14 01:30:29 MST 2012 

On 11/13/2012 04:32 AM, Björn JACKE wrote:
> Hi Matthieu,
>
> On 2012-11-11 at 13:46 -0800 Matthieu Patou sent off:
>> in change e6643fbf you added a search for -Wstack-protector.
>> I'm not sure that lib/replace/wscript is the place for this kind of
>> tests,
> that's the place where similar things have been setup in waf before. Wanna
> propose a better place?
>
Well I think that at the root in wscript but that just my humble point 
of view.
>> also it would have been nice not to mess tabs and space, we
>> tend to use only space for indentation in python script.
> sorry, I'll fix this or we should clear that when we move it to a different
> place in the waf build then.
>
>   
>> What's more important is that if you want the warning to be effective you
>> need to enable -fstack-protector, for instance on my linux 12.04 ubuntu it's
>> not but on my mac mini it's on.
> ahh, that's why there came no warnings. I was actually surprised that samba
> should be stack-protector warning clean :-)
yeah ... but trust me on mac mini it's highly verbose
>
>
>> And last but not least having warnings about the stack protector not being
>> setup is good but in the same time it generates a lot of new warnings, maybe
>> we should fix the existing ones before ?
> do you have some fixes from your OS X build already?
no but I can get you an account if you want to log and try fixing it, I 
guess that you could be able to reproduce on any linux platform if you 
add the -fstack-protector

But really I'm not too keen on adding more warnings, also I'm not so 
sure on how to fix it, it seems that the fix is not obvious my 
understanding is that you get a warning when there isn't a 4/8 (more ?) 
bytes array in the stack variables but I'm not even sure that I got it 
right and if so why does it needs to have an array at least that big.

Note that I don't think that using -fstack-protector is a bad idea and 
maybe we should enable it but adding the warnings for when gcc can't add 
the stack protection is maybe useless for the moment.

Best,
Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba-technical mailing list