1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
# DP: Turn on -Wformat -Wformat-security by default for C, C++, ObjC, ObjC++.
Index: b/src/gcc/doc/invoke.texi
===================================================================
--- a/src/gcc/doc/invoke.texi
+++ b/src/gcc/doc/invoke.texi
@@ -3799,6 +3799,11 @@ included in @option{-Wformat-nonliteral}
If @option{-Wformat} is specified, also warn if the format string
requires an unsigned argument and the argument is signed and vice versa.
+NOTE: In Ubuntu 8.10 and later versions this option is enabled by default
+for C, C++, ObjC, ObjC++. To disable, use @option{-Wno-format-security},
+or disable all format warnings with @option{-Wformat=0}. To make format
+security warnings fatal, specify @option{-Werror=format-security}.
+
@item -Wformat-y2k
@opindex Wformat-y2k
@opindex Wno-format-y2k
Index: b/src/gcc/gcc.c
===================================================================
--- a/src/gcc/gcc.c
+++ b/src/gcc/gcc.c
@@ -858,11 +858,14 @@ proper position among the other output f
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
#endif
+/* no separate spec, just shove it into the ssp default spec */
+#define FORMAT_SECURITY_SPEC "%{!Wformat:%{!Wformat=2:%{!Wformat=0:%{!Wall:-Wformat} %{!Wno-format-security:-Wformat-security}}}}"
+
#ifndef SSP_DEFAULT_SPEC
#ifdef TARGET_LIBC_PROVIDES_SSP
-#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}"
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}} " FORMAT_SECURITY_SPEC
#else
-#define SSP_DEFAULT_SPEC ""
+#define SSP_DEFAULT_SPEC FORMAT_SECURITY_SPEC
#endif
#endif
|
