[OpenWrt-Devel] default compiler hardening options for all C projects [Was: Re: [PATCH] uci: Fix Wformat-nonliteral warning]
Petr Štetiar
ynezz at true.cz
Sat Nov 30 10:41:48 EST 2019
Petr Štetiar <ynezz at true.cz> [2019-11-30 15:04:40]:
> Wouldn't it make sense to enable following hardening flags (maybe consider
> others as well?):
>
> -Werror=format-security
> -Werror=format-nonliteral
FYI, following uci patch:
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 92adf4a47121..56a14e2b2b40 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4,7 +4,7 @@ PROJECT(uci C)
SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
ADD_DEFINITIONS(-Os -Wall -Werror -Wextra --std=gnu99 -g3 -I.
-DUCI_PREFIX="${CMAKE_INSTALL_PREFIX}")
-ADD_DEFINITIONS(-Wno-unused-parameter)
+ADD_DEFINITIONS(-Wno-unused-parameter -Werror=format-nonliteral -Werror=format-security)
yields following error with clang-10 on CI[1]:
cli.c:196:19: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
vfprintf(stderr, fmt, ap);
1. https://gitlab.com/ynezz/openwrt-uci/-/jobs/365617293
-- ynezz
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list