Thanks for the response. The problem is that with libgtk, "--enable- debug=no" alters the logic within the library, and actually allows undefined behavior, by disabling code assertions and cast checks.
This makes it easy for library and application developers to make mistakes leading to "undefined behavior," like invalid memory accesses. I am not familiar enough with the libgtk code base, so I cannot say if "undefined behavior" includes potentially exploitable security issues (due to memory accesses). The solution is to build libgtk with "--enable-debug=minimum", which is recommended by the GTK packaging guidelines. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1641358 Title: libgtk-3 should avoid configuration --enable-debug=no To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gtk+3.0/+bug/1641358/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
