Some documentation improvements #1599
I'm curious where you encountered a compiler that doesn't do this, but looks fine to me. 👍🏾
At least GCC and Clang take advantage of signed integer overflow being undefined to perform optimizations, unless told not to. And Clang always assumes that dereferencing NULL will never happen, and that the result of out-of-bounds pointer arithmetic will not be used.
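An added illustration of the behaviour described in the comment above (not part of the original thread and not RPM code): two checks that depend on undefined behaviour, each beside a form that stays within defined behaviour. All function names are hypothetical and the buffer in `main` is constructed sample data.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Fragile: if a + b overflows, the behaviour is undefined, so an optimizer
 * may assume it never happens and fold this check to "false". */
bool add_would_overflow_fragile(int a, int b)
{
    return b >= 0 && a + b < a;
}

/* Robust: compare against the limits before adding; nothing overflows. */
bool add_would_overflow(int a, int b)
{
    if (b >= 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

/* Fragile: forming p + len beyond one past the end of the object is
 * undefined, so the compiler may assume the result is always in range. */
bool in_bounds_fragile(const char *p, const char *end, size_t len)
{
    return p + len <= end;
}

/* Robust: compare len with the space that remains; only valid pointers
 * into the same object are subtracted. */
bool in_bounds(const char *p, const char *end, size_t len)
{
    return p <= end && len <= (size_t)(end - p);
}

int main(void)
{
    char buf[16]; /* constructed sample buffer */
    printf("INT_MAX + 1 overflows: %d\n", add_would_overflow(INT_MAX, 1));
    printf("17 bytes fit in 16: %d\n", in_bounds(buf, buf + sizeof buf, 17));
    return 0;
}
```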
Right now, I would not be comfortable compiling RPM with any compiler except GCC unless optimizations were disabled.
OpenMandriva has been shipping RPM compiled by Clang for three years now, with optimizations. I would think @berolinux would want to know about specific reasons not to do that...
My recommendation to @berolinux would be to pass Edit: This doesn’t work (it causes RPM to crash) due to #1547.
Also, the issue isn’t “Clang causes RPM to stop working in normal use”, but “clang optimizes out critical security checks”. I have no evidence that this happens in practice, but it could start happening in any minor release.
Calm down please. The sky hasn't fallen in 20+ years of rpm being built with all manner of different compilers.
so that security researchers (like me) don’t file invalid bugs.
8c09923 to c34b0d6
NAK. I absolutely will not get into this sort of hair-splitting over what is just your average-if-old codebase of C.
This adds some documentation I wish I had when researching RPM’s security.