-Werror=format-security (Re: [PATCH] Fix the build)
Stefan Metzmacher
metze at samba.org
Mon Sep 5 07:24:59 UTC 2016
Hi,
I think we should use -Werror=format-security by default if supported
by the compiler. This way autobuild will catch this before it lands in
master.
Please review and push the attached patch.
Thanks!
metze
> Review appreciated!
>
> Looking at commit 1c636532874da from a few weeks ago I begin to question
> the value of our README.Coding file. I've asked a few times to fix
> patches to follow the 80-column rule, I even provided patches to assist.
>
> There's a reason why we have this rule: It's not that we are all sitting
> at 3270 or vt100 terminals. We want to avoid arbitrarily deeply nested
> control structures. It might be more work, but well-named factored
> out subfunctions foster unterstanding of complex code. Looking at
> dsdb_garbage_collect_tombstones(), we have four (!!) levels of nested
> for-loops. One line I've just come across almost touches twice the
> 80-columns with its length of 157 chars.
>
> So, shall we drop the README.Coding section on 80 chars, as it is not
> generally seen as worthwhile following?
>
> Volker
>
-------------- next part --------------
From 1f49215b9bfeaa45fdfb335094b34424cd69221e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 2 Sep 2016 17:23:28 +0200
Subject: [PATCH] wafsamba: add -Werror=format-security to the developer build
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
buildtools/wafsamba/samba_autoconf.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 5f35d77..795d130 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -708,6 +708,7 @@ def SAMBA_CONFIG_H(conf, path=None):
testflags=True)
conf.ADD_CFLAGS('-Wformat=2 -Wno-format-y2k', testflags=True)
+ conf.ADD_CFLAGS('-Werror=format-security -Wformat-security', testflags=True)
# This check is because for ldb_search(), a NULL format string
# is not an error, but some compilers complain about that.
if CHECK_CFLAGS(conf, ["-Werror=format", "-Wformat=2"], '''
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160905/84bd85ba/signature.sig>
More information about the samba-technical
mailing list