Re: AC_*/AM_* macros for options

autoconf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AC_/AM_ macros for options

From:	Jeffrey Walton
Subject:	Re: AC_/AM_ macros for options
Date:	Tue, 29 Oct 2013 17:41:25 -0400

On Tue, Oct 29, 2013 at 4:18 PM, Russ Allbery <address@hidden> wrote:
> Jeffrey Walton <address@hidden> writes:
>
>> -Wconversion should be included. That's because -1 > 1 after promotion:
>
>>     signed int i = -1;
>>     unsigned int j = 1;
>
>>     if(i > j)
>>         printf("-1 > 1 !!!\n");
>
>> I understand its going to be a pain point for those who don't pay
>> attention to details.
>
> -Wconversion produces (or at least produced; I've not rechecked recently)
> unfixable warnings for most network code due to macro expansion.  See:
>
>     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488884
>
> The pattern explained in that bug is still present in the current glibc
> headers.
Well, you can do one of three things. You can allow the defective code
to thrive, you can fix the defective code, or you can ban the
defective code and provide a replacement.

In my case, I choose to ban the defective code and replace it with
well written *and* well instrumented code because its dangerous in
practice. Its a security gate, and I don't have the time or energy to
devote to the l33t hackers feel the C programming language rules don't
apply to them. For example, bitops.h is banned from my code bases due
to its undefined behavior.

I'm not sure its a good idea to allow substandard code to thrive
because l33t hackers wrote it. I still remember Drepper's wisdom on
strlcat (and friends), which he called "horribly inefficient BSD crap"
[0]. He refused to add the safer string and memory functions of
ISO/IEC TR24731-1 to the runtime. Years later, his wisdom yielded
multiple buffer overflows in uPnP, which left millions of routers,
gateways, and other embedded devices vulnerable [1]. I'm still using
one of those unpacthed junk gateways because my ISP won't upgrade it
or replace it.

Jeff

[0] PATCH: safe string copy and concatenation [sic],
http://www.sourceware.org/ml/libc-alpha/2000-08/msg00053.html
[1] Portable SDK for UPnP Devices (libupnp) contains multiple buffer
overflows in SSDP, http://www.kb.cert.org/vuls/id/922681

[Prev in Thread]

Current Thread

[Next in Thread]

Re: AC_*/AM_* macros for options, (continued)
- Re: AC_*/AM_* macros for options, Julien ÉLIE, 2013/10/29
- AC_*/AM_* macros for options, David A. Wheeler, 2013/10/29
  - Re: AC_*/AM_* macros for options, Eric Blake, 2013/10/29
    - Re: AC_*/AM_* macros for options, David A. Wheeler, 2013/10/29
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/30
    - Re: AC_*/AM_* macros for options, David A. Wheeler, 2013/10/30
    - Re: AC_*/AM_* macros for options, Rhys Ulerich, 2013/10/30
  - Re: AC_*/AM_* macros for options, Jeffrey Walton, 2013/10/29
    - Re: AC_*/AM_* macros for options, Russ Allbery, 2013/10/29
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/29
    - Re: AC_*/AM_* macros for options, Jeffrey Walton <=
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/29
    - Re: AC_*/AM_* macros for options, Jeffrey Walton, 2013/10/29
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/29
    - Re: AC_*/AM_* macros for options, Jeffrey Walton, 2013/10/30
    - Re: AC_*/AM_* macros for options, Paul Smith, 2013/10/30
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/30
    - Re: AC_*/AM_* macros for options, Jeffrey Walton, 2013/10/30
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/30
    - Re: AC_*/AM_* macros for options, Jeffrey Walton, 2013/10/30
    - Re: AC_*/AM_* macros for options, Paul Eggert, 2013/10/30

Prev by Date: Re: AC_*/AM_* macros for options
Next by Date: Re: AC_*/AM_* macros for options
Previous by thread: Re: AC_*/AM_* macros for options
Next by thread: Re: AC_*/AM_* macros for options
Index(es):
- Date
- Thread