[Bug 6026] New: -Wstrict-overflow and -Wtrampolines should be part of standard CFLAGS
bugzilla at busybox.net
bugzilla at busybox.net
Sat Mar 2 19:27:43 UTC 2013
https://bugs.busybox.net/show_bug.cgi?id=6026
Summary: -Wstrict-overflow and -Wtrampolines should be part of
standard CFLAGS
Product: uClibc
Version: 0.9.33.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Other
AssignedTo: unassigned at uclibc.org
ReportedBy: noloader at gmail.com
CC: uclibc-cvs at uclibc.org
Estimated Hours: 0.0
-Wstrict-overflow and -Wtrampolines are great choices for warning options, and
its good to see they show up with '
-Wstrict-overflow warns about optimizations taken due to overflow. That means
code could be potentially removed due to undefined behavior. Undefined behavior
is probably an unintentional error, so the programmer should receive a warning.
-Wstrict-overflow should be enabled by default regardless of kconfig wishes.
-Wtrampolines are an important warning because they are mutually exclusive with
no-exec stacks. The project currently specifies -Wa,noexecstack (and possible
-z,noexecstack), so it appears the project is taking a good defensive position.
Unfortunately, a trampoline will cause the silent loss of a no-exec stack.
-Wtrampolines should be enabled by default regardless of kconfig wishes.
-Wstrict-overflow is available for non-ancient GCC, while -Wtrampolines is
available in GCC 4.3 and above.
For auditing no-exe stacks, Tobias Klien has a neat little tool called Checksec
(http://www.trapkit.de/tools/checksec.html). For manual auditing, use readelf:
$ readelf -l <module> | grep -A 1 -i GNU_STACK
Note: the stack segment must be marked RW (not RWE), *and* it must be 0 size.
Otherwise, you don't have a no-exec stack.
--
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the uClibc-cvs
mailing list