Le 20 juillet 2017 08:02:41 GMT+02:00, intrigeri <intrig...@debian.org> a écrit : >Control: retitle -1 Please identify lack of UBSAN compiler/linker flags > >Jakub Wilk: >> Relevant thread on oss-security: >> http://www.openwall.com/lists/oss-security/2016/02/17/9 > >Right, I was aware of this additional info but failed to update this >bug report accordingly. Sorry! > >tl;dr: "only the UBSAN sanitizer is safe for 'daily use'", as Seth >(Cc'ed) summed up in >http://openwall.com/lists/oss-security/2017/07/11/1. > >So I'm retitling this bug report to make it about UBSAN only, >i.e. compiling and linking programs with -fsanitize=undefined. >Note that by default, UBSAN only displays an error message at runtime >when a problem is detected, and then resumes execution.
So not safe .... Display an error will change behaviour... >Seth: are you aware of ways to check if a given binary has UBSAN >enabled? Or is this something we should add to blhc instead >of Lintian? > >Jakub, does this make sense to you? Do you think this is enough to >drop the moreinfo tag? > >Cheers, -- Envoyé de mon appareil Android avec K-9 Mail. Veuillez excuser ma brièveté.