Bug 1025300 - include "-Wformat-security" in "-Wall" (RFE)
Summary: include "-Wformat-security" in "-Wall" (RFE)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: gcc
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jakub Jelinek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-31 12:36 UTC by Dhiru Kholia
Modified: 2014-03-25 03:44 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-31 12:45:26 UTC
Type: Bug


Attachments (Terms of Use)

Description Dhiru Kholia 2013-10-31 12:36:00 UTC
It would be great if "-Wformat-security" could be included in "-Wall".

For more details, please see https://fedorahosted.org/fesco/ticket/1185 URL.

Comment 1 Jakub Jelinek 2013-10-31 12:45:26 UTC
I certainly don't want to diverge from upstream meaning of -Wall, the set of warnings enabled by default resp. in -Wall resp. in -W shouldn't change through vendor adjustments, if some project using -Werror takes time to ensure it is error (warning promoted to errors) free for some GCC x.y version, if various vendor GCC versions would diverge that, it would be a nightmare for developers.
If you want -Wformat-security for Fedora, just set it in $RPM_OPT_FLAGS.

Comment 2 Bill Nottingham 2013-10-31 15:32:00 UTC
... is there a reason it can't be proposed as an upstream change?

Comment 3 Jakub Jelinek 2013-10-31 15:38:15 UTC
It isn't a warning without small rate of false positives, I'd categorize it more as a coding style warning, so I personally don't think it is a good idea to include it in -Wall and thus perhaps am not the right person to champion such a change.  Anyone who thinks there are sufficient arguments for that can surely propose it in http://gcc.gnu.org/bugzilla/, though there is less than a month before new features won't be accepted anymore for 4.9.

Comment 4 Jakub Jelinek 2013-10-31 15:40:18 UTC
Note, -D_FORTIFY_SOURCE (not even =1) isn't on by default either, and the most dangerous thing that would result from user controlled strings being passed to *printf family of function is %n, which is blocked already by -D_FORTIFY_SOURCE=2.

Comment 5 Stephen Gallagher 2013-11-06 18:08:49 UTC
If we don't include it in -Wall, could we at least argue for inclusion in -Wextra?

Comment 6 Jakub Jelinek 2013-11-06 18:11:26 UTC
That is the same thing.


Note You need to log in before you can comment on or make changes to this bug.