about -Wstack-protector
Andrew Bartlett
abartlet at samba.org
Wed Nov 14 04:08:38 MST 2012
On Wed, 2012-11-14 at 00:30 -0800, Matthieu Patou wrote:
> On 11/13/2012 04:32 AM, Björn JACKE wrote:
> > Hi Matthieu,
> >
> > On 2012-11-11 at 13:46 -0800 Matthieu Patou sent off:
> >> in change e6643fbf you added a search for -Wstack-protector.
> >> I'm not sure that lib/replace/wscript is the place for this kind of
> >> tests,
> > that's the place where similar things have been setup in waf before. Wanna
> > propose a better place?
> >
> Well I think that at the root in wscript but that just my humble point
> of view.
We have tried to make librepace be mostly about portability stuff. The
other place that is pulled into all projects is the buildtools/wafsamba
code.
I agree that distinctions here have not been well expressed.
> >> also it would have been nice not to mess tabs and space, we
> >> tend to use only space for indentation in python script.
> > sorry, I'll fix this or we should clear that when we move it to a different
> > place in the waf build then.
> >
> >
> >> What's more important is that if you want the warning to be effective you
> >> need to enable -fstack-protector, for instance on my linux 12.04 ubuntu it's
> >> not but on my mac mini it's on.
> > ahh, that's why there came no warnings. I was actually surprised that samba
> > should be stack-protector warning clean :-)
> yeah ... but trust me on mac mini it's highly verbose
> >
> >
> >> And last but not least having warnings about the stack protector not being
> >> setup is good but in the same time it generates a lot of new warnings, maybe
> >> we should fix the existing ones before ?
> > do you have some fixes from your OS X build already?
> no but I can get you an account if you want to log and try fixing it, I
> guess that you could be able to reproduce on any linux platform if you
> add the -fstack-protector
>
> But really I'm not too keen on adding more warnings, also I'm not so
> sure on how to fix it, it seems that the fix is not obvious my
> understanding is that you get a warning when there isn't a 4/8 (more ?)
> bytes array in the stack variables but I'm not even sure that I got it
> right and if so why does it needs to have an array at least that big.
>
> Note that I don't think that using -fstack-protector is a bad idea and
> maybe we should enable it but adding the warnings for when gcc can't add
> the stack protection is maybe useless for the moment.
I agree. This doesn't belong in the code until both -fstack-protector
is already on, and if there is any meaningful thing a developer can do
to fix it. Otherwise we just create noise.
Until then, as a probe of how much this might fire, consider
CFLAGS=-Wstack-protector
Indeed, it seems a very odd warning at all - it is more like a
diagnostic, so you can tell if you might really want to set
-fstack-protector-all, not a warning about something you can fix by
changing code.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list