| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Oct 2019 18:42:27 +0200
From: Markus Elfring <Markus.Elfring@....de>
To: Rasmus Villemoes <linux@...musvillemoes.dk>,
kernel-janitors@...r.kernel.org,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Joe Perches <joe@...ches.com>,
Kees Cook <keescook@...omium.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Steven Rostedt <rostedt@...dmis.org>,
Aditya Pakki <pakki001@....edu>, Kangjie Lu <kjlu@....edu>,
Navid Emamdoost <emamd001@....edu>,
Stephen McCamant <smccaman@....edu>
Cc: LKML <linux-kernel@...r.kernel.org>
Subject: Re: string.h: Mark 34 functions with __must_check
> You're also not consistent - strlen() is not annotated.
Would you like to integrate any additional function annotations?
> And, for the standard C functions, -Wall already seems to warn about
> an unused call:
This detail is nice, isn't it?
> a.c:5:2: warning: statement with no effect [-Wunused-value]
> strlen(s);
Are there any differences to consider for the Linux function variant?
> The problem is the __must_check does not mean that the
> return value must be followed by a comparison to NULL and bailing out
> (that can't really be checked), it simply ensures the return value is
> assigned somewhere or used in an if(). So foo->bar = kstrdup() not
> followed by a check of foo->bar won't warn. So one would essentially
> only catch instant-leaks.
How do you think about to improve the source code analysis support
any further?
Regards,
Markus
Powered by blists - more mailing lists