[poc] buildkernel + clang + -Werror

Warner Losh imp at bsdimp.com
Mon Nov 7 00:39:54 UTC 2011


On Nov 6, 2011, at 2:13 PM, Rui Paulo wrote:
> The only argument against this tautological check that I agree with is when the code is explicitly trying to be safe. If the developer checks for "i < 0" when indexing an array he/she is trying to guard against possible pitfalls in the future when someone suddenly decides to change the variable type to become signed. One possible security vulnerability was avoided because that developer checked for negative values.
> I'm against turning this off by default, but it should not cause an error.

Except when you pass args back and forth between signed and unsigned and back again.  If you check < 0 in the middle, that's one more security bug you thought you had fixed, but really you've done nothing with.

Warner
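A constructed C illustration of the point in this thread (not code from the original message or from the FreeBSD tree): the `i < 0` guard that clang reports as tautological, and why it protects nothing once the index has already been converted from signed to unsigned. `BUF_LEN` and the function names are assumptions made for the example.

```c
#include <limits.h>
#include <stdbool.h>

/* Constructed example (not from the thread): the `i < 0` check that
 * clang reports as tautological, and why it protects nothing once the
 * index has crossed a signed/unsigned boundary. */

#define BUF_LEN 16u   /* size of some hypothetical array being indexed */

/* Returns true when the check rejects the index. The comparison is
 * always false for an unsigned operand, so this function never rejects
 * anything: it is exactly the dead guard the warning points at. */
bool rejected_by_negative_check(unsigned int i)
{
    return i < 0;   /* tautological: an unsigned value is never < 0 */
}

/* A caller holding a signed value (user input, a return code) converts
 * it on the way in. -1 becomes UINT_MAX, so the negative check never
 * fires; only an upper-bound check against BUF_LEN catches it. */
bool rejected_after_conversion(int signed_index)
{
    unsigned int i = (unsigned int)signed_index;
    if (rejected_by_negative_check(i))
        return true;              /* never reached */
    return i >= BUF_LEN;          /* the check that actually works */
}

/* The check that means something is made on the signed value, before
 * it is converted, and paired with the upper bound. */
bool rejected_signed(int i)
{
    if (i < 0)                    /* int really can be negative */
        return true;
    return (unsigned int)i >= BUF_LEN;
}

/* What the index looks like after the signed -> unsigned round trip. */
unsigned int as_unsigned(int i)
{
    return (unsigned int)i;
}
```

Compiling with `-Wtautological-compare` (clang) or `-Wextra` (gcc, via `-Wtype-limits`) flags the comparison in `rejected_by_negative_check`; the assertions show that it rejects nothing, and that only a check on the signed value or on the upper bound does.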
