Re: [Openvpn-devel] [PATCH] Build with a few -Werror= flags if the compiler supports them

Fri, 16 Dec 2016 12:54:26 -0800 

Hi,

On 16-12-16 19:26, Julien Muchembled wrote:
> The bug in Trac #792 (pointer wrongly truncated as 'int', leading to 
> segfaults)
> would have been understood faster with either
>   -Werror=implicit or -Werror=format
> (and above all, before running buggy executables in production)
> 
> Debian already compiles with -Werror=format-security, and it's indeed a good
> idea for a sensitive software like OpenVPN to use it.
> ---
>> Yes, please!
>>
>> You can put the macro in m4/
>>
> 
> OK. Not sure about the license. It's GPL3+

GPLv3 is fine as far as I'm aware, and the license is nicely contained
in the file, so I think all is good.

> I also don't include the latest version, which has (among other changes):
> -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
> +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF

Good, 2.59 is reasonable, even RHEL6 has 2.63.  Might be good if David
or Gert gives this a test run on the build farm before applying though.

> configure.ac                |  7 +++++
>  m4/ax_check_compile_flag.m4 | 74 
> +++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 81 insertions(+)
>  create mode 100644 m4/ax_check_compile_flag.m4
> 
> diff --git a/configure.ac b/configure.ac
> index 4f086ea..3357ea0 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -412,6 +412,13 @@ ifdef(
>       ]
>  )
>  
> +AX_CHECK_COMPILE_FLAG([ -Werror=implicit ], [
> +    CFLAGS_EXTRA="$CFLAGS_EXTRA -Werror=implicit"
> +])
> +AX_CHECK_COMPILE_FLAG([ -Werror=format -Werror=format-security ], [
> +    CFLAGS_EXTRA="$CFLAGS_EXTRA -Werror=format -Werror=format-security"
> +])
> +

Shouldn't there be a CFLAGS="${CFLAGS} ${CFLAGS_EXTRA}" somewhere?  Or
just use CFLAGS directly, instead of _EXTRA.  Without that, I don't see
the flags appear in the make output.

-Steffan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to