| Summary: | include "-Wformat-security" in "-Wall" (RFE) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dhiru Kholia <dkholia> |
| Component: | gcc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | bressers, jakub, law, notting, sgallagh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-10-31 12:45:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Dhiru Kholia
2013-10-31 12:36:00 UTC
I certainly don't want to diverge from upstream meaning of -Wall, the set of warnings enabled by default resp. in -Wall resp. in -W shouldn't change through vendor adjustments, if some project using -Werror takes time to ensure it is error (warning promoted to errors) free for some GCC x.y version, if various vendor GCC versions would diverge that, it would be a nightmare for developers. If you want -Wformat-security for Fedora, just set it in $RPM_OPT_FLAGS. ... is there a reason it can't be proposed as an upstream change? It isn't a warning without small rate of false positives, I'd categorize it more as a coding style warning, so I personally don't think it is a good idea to include it in -Wall and thus perhaps am not the right person to champion such a change. Anyone who thinks there are sufficient arguments for that can surely propose it in http://gcc.gnu.org/bugzilla/, though there is less than a month before new features won't be accepted anymore for 4.9. Note, -D_FORTIFY_SOURCE (not even =1) isn't on by default either, and the most dangerous thing that would result from user controlled strings being passed to *printf family of function is %n, which is blocked already by -D_FORTIFY_SOURCE=2. If we don't include it in -Wall, could we at least argue for inclusion in -Wextra? That is the same thing. |