From: Mike Frysinger
Organization: wh0rd.org
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] new warnings to catch from gcc in portage
Date: Sun, 20 Jun 2010 05:26:38 -0400
Message-Id: <201006200526.39160.vapier@gentoo.org>

the newer fortify/security work in gcc provides some nice checks which portage
doesn't currently flag.
those are:
    ": warning: array subscript is below array bounds$"
    ": warning: array subscript is above array bounds$"
    ": warning: attempt to free a non-heap object"
    ": warning: .* called with .*bigger.* than .* destination buffer$"
    ": warning: call to .* will always overflow destination buffer$"

this should catch the kind of checks where people check for pointer math
overflow but don't realize that gcc optimizes it away:
    ": warning: assuming pointer wraparound does not occur when comparing "

these tend to be typos in code:
    ": warning: hex escape sequence out of range$"
    ": warning: [^ ]*-hand operand of comma .*has no effect$"

these too are typos/thinkos involving NULL instead of a value of 0, or
misordering of arguments:
    ": warning: converting to non-pointer type .* from NULL"
    ": warning: NULL used in arithmetic$"
    ": warning: passing NULL to non-pointer argument"

these tend to be thinkos which result in incorrect behavior:
    ": warning: the address of [^ ]* will always evaluate as"
    ": warning: the address of [^ ]* will never be NULL"
think "char foo[1234]" and later doing "if (foo) ..."

i can't see this being valid:
    ": warning: too few arguments for format"

or trying to return addresses to function locals:
    ": warning: reference to local variable .* returned"
    ": warning: returning reference to temporary"
    ": warning: function returns address of local variable"
-mike
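The patterns listed in the message, run over a build log, as an added example that is not part of the original message and is not portage's own code. The category labels, the `scan_build_log` name, the stripping of a trailing `[-W...]` option tag and the sample log lines are assumptions of this example.

```python
import re

# Regexes copied verbatim from the message above. The category labels are this
# example's own shorthand for the author's descriptions, not portage names.
CHECKS = [
    ("overflow", r": warning: array subscript is below array bounds$"),
    ("overflow", r": warning: array subscript is above array bounds$"),
    ("overflow", r": warning: attempt to free a non-heap object"),
    ("overflow", r": warning: .* called with .*bigger.* than .* destination buffer$"),
    ("overflow", r": warning: call to .* will always overflow destination buffer$"),
    ("wraparound", r": warning: assuming pointer wraparound does not occur when comparing "),
    ("typo", r": warning: hex escape sequence out of range$"),
    ("typo", r": warning: [^ ]*-hand operand of comma .*has no effect$"),
    ("null-misuse", r": warning: converting to non-pointer type .* from NULL"),
    ("null-misuse", r": warning: NULL used in arithmetic$"),
    ("null-misuse", r": warning: passing NULL to non-pointer argument"),
    ("thinko", r": warning: the address of [^ ]* will always evaluate as"),
    ("thinko", r": warning: the address of [^ ]* will never be NULL"),
    ("format", r": warning: too few arguments for format"),
    ("local-addr", r": warning: reference to local variable .* returned"),
    ("local-addr", r": warning: returning reference to temporary"),
    ("local-addr", r": warning: function returns address of local variable"),
]
COMPILED = [(cat, re.compile(rx)) for cat, rx in CHECKS]
# Assumption of this example: later GCC releases append the controlling option
# (e.g. " [-Warray-bounds]"); strip it so the "$"-anchored patterns still match.
OPTION_TAG = re.compile(r" \[-W[^\]]*\]$")

def scan_build_log(lines):
    """Return (line_number, category, text) for the first check each line matches."""
    hits = []
    for num, raw in enumerate(lines, 1):
        text = OPTION_TAG.sub("", raw.rstrip("\r\n"))
        cat = next((c for c, rx in COMPILED if rx.search(text)), None)
        if cat:
            hits.append((num, cat, text))
    return hits

# Constructed sample build output (not taken from a real portage log).
SAMPLE_LOG = [
    "foo.c:12: warning: array subscript is above array bounds [-Warray-bounds]",
    "foo.c:30: warning: unused variable 'i'",
    "bar.c:7: warning: call to __builtin___strcpy_chk will always overflow destination buffer",
    "bar.c:19: warning: the address of 'buf' will always evaluate as 'true'",
    "baz.cc:4: warning: reference to local variable 'tmp' returned",
]

if __name__ == "__main__":
    print(*scan_build_log(SAMPLE_LOG), sep="\n")
```

Without the option-tag stripping, the first sample line would slip past the `$`-anchored "above array bounds" pattern.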