Some documentation improvements #1599
Conversation
At least GCC and Clang take advantage of signed integer overflow being undefined to perform optimizations, unless told not to. And Clang always assumes that dereferencing NULL will never happen, and that the result of out-of-bounds pointer arithmetic will not be used. |
|
Right now, I would not be comfortable compiling RPM with any compiler except GCC unless optimizations were disabled. |
|
OpenMandriva has been shipping RPM compiled by Clang for three years now, with optimizations. I would think @berolinux would want to know about specific reasons not to do that... |
My recommendation to @berolinux would be to pass Edit: This doesn’t work (it causes RPM to crash) due to #1547. |
|
Also, the issue isn’t “Clang causes RPM to stop working in normal use”, but “clang optimizes out critical security checks”. I have no evidence that this happens in practice, but it could start happening in any minor release. |
|
Calm down please. The sky hasn't fallen in 20+ years of rpm being built with all manner of different compilers. |
so that security researchers (like me) don’t file invalid bugs.
DemiMarie
force-pushed
the
document-compiler-expectations
branch
from
8c09923
to
c34b0d6
Compare
|
NAK. I absolutely will not get into this sort of hair-splitting over what is just your average-if-old codebase of C. |
This adds some documentation I wish I had when researching RPM’s security.