[OpenWrt-Devel] default compiler hardening options for all C projects [Was: Re: [PATCH] uci: Fix Wformat-nonliteral warning]

Rosen Penev rosenp at gmail.com
Sat Nov 30 11:40:24 EST 2019


> 
> 
>> Wouldn't it make sense to enable following hardening flags (maybe consider
>> others as well?):
>> 
>>  -Werror=format-security 
>>  -Werror=format-nonliteral
Actually the flag I used was -Werror=format=2. It includes all of them.

The nonliteral warning is not applicable everywhere. In some packages, a struct member is passed. This cannot be fixed.
> 
> FYI, following uci patch:
> 
> diff --git a/CMakeLists.txt b/CMakeLists.txt
> index 92adf4a47121..56a14e2b2b40 100644
> --- a/CMakeLists.txt
> +++ b/CMakeLists.txt
> @@ -4,7 +4,7 @@ PROJECT(uci C)
> 
>  SET(CMAKE_SHARED_LIBRARY_LINK_C_FLAGS "")
>  ADD_DEFINITIONS(-Os -Wall -Werror -Wextra --std=gnu99 -g3 -I.
> -DUCI_PREFIX="${CMAKE_INSTALL_PREFIX}")
> -ADD_DEFINITIONS(-Wno-unused-parameter)
> +ADD_DEFINITIONS(-Wno-unused-parameter -Werror=format-nonliteral -Werror=format-security)
> 
> yields following error with clang-10 on CI[1]:
> 
> cli.c:196:19: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
>         vfprintf(stderr, fmt, ap);
Will take a look. My initial impression is that it’s not easily fixed.
> 
> 1. https://gitlab.com/ynezz/openwrt-uci/-/jobs/365617293
> 
> -- ynezz
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list