Message-ID: <202409101722.C8E47DF@keescook>
Date: Tue, 10 Sep 2024 17:26:14 -0700
From: Kees Cook <kees@...nel.org>
To: Andy Shevchenko <andriy.shevchenko@...el.com>
Cc: linux-hardening@...r.kernel.org, Arnd Bergmann <arnd@...db.de>
Subject: Re: -Wformat-trunctation with `make W=1`

On Mon, Sep 09, 2024 at 04:26:03PM +0300, Andy Shevchenko wrote:
> Recently I'm trying to compile my (almost) x86_64_defconfig based kernel with
> `make W=1` while having CONFIG_WERROR=y. With a handful of patches I was able
> to achieve that with clang-18, however GCC 14.2.0 issues a lot of additional
> warnings that are mostly related to -Wformat-truncation [1]. Any suggestions,
> plans, comments on how to address them?
> 
> [1]: https://paste.debian.net/hidden/46106f2a/

Since it's behind W=1, fixing those issues hasn't been a very high
priority. That said, I would love to see it done. Patches have slowly
been landing for various W=1 things related to the -Wstringop-... and
-Wformat... options, though. But I don't think there has been a
concerted effort to wipe them out completely. And at least sometimes
these warnings are effectively false positives, related to unexpected
behaviors in GCC's value range tracking, though that has mostly been an
issue for getting -Warray-bounds to build cleanly.

As for fixing them, I think one will need to just look at each instance
one at a time to figure out the best solution.

-Kees

-- 
Kees Cook
