-Werror=format-security (Re: [PATCH] Fix the build)

Stefan Metzmacher metze at samba.org
Mon Sep 5 07:24:59 UTC 2016 

Hi,

I think we should use -Werror=format-security by default if supported
by the compiler. This way autobuild will catch this before it lands in
master.

Please review and push the attached patch.

Thanks!
metze

> Review appreciated!
> 
> Looking at commit 1c636532874da from a few weeks ago I begin to question
> the value of our README.Coding file. I've asked a few times to fix
> patches to follow the 80-column rule, I even provided patches to assist.
> 
> There's a reason why we have this rule: It's not that we are all sitting
> at 3270 or vt100 terminals. We want to avoid arbitrarily deeply nested
> control structures. It might be more work, but well-named factored
> out subfunctions foster unterstanding of complex code. Looking at
> dsdb_garbage_collect_tombstones(), we have four (!!)  levels of nested
> for-loops. One line I've just come across almost touches twice the
> 80-columns with its length of 157 chars.
> 
> So, shall we drop the README.Coding section on 80 chars, as it is not
> generally seen as worthwhile following?
> 
> Volker
> 
-------------- next part --------------
From 1f49215b9bfeaa45fdfb335094b34424cd69221e Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Fri, 2 Sep 2016 17:23:28 +0200
Subject: [PATCH] wafsamba: add -Werror=format-security to the developer build

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 buildtools/wafsamba/samba_autoconf.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 5f35d77..795d130 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -708,6 +708,7 @@ def SAMBA_CONFIG_H(conf, path=None):
                         testflags=True)
 
         conf.ADD_CFLAGS('-Wformat=2 -Wno-format-y2k', testflags=True)
+        conf.ADD_CFLAGS('-Werror=format-security -Wformat-security', testflags=True)
         # This check is because for ldb_search(), a NULL format string
         # is not an error, but some compilers complain about that.
         if CHECK_CFLAGS(conf, ["-Werror=format", "-Wformat=2"], '''
-- 
1.9.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160905/84bd85ba/signature.sig>

More information about the samba-technical mailing list