diff options
| author | Bruno Haible <bruno@clisp.org> | 2020-12-06 17:59:45 +0100 |
|---|---|---|
| committer | Bruno Haible <bruno@clisp.org> | 2020-12-06 17:59:45 +0100 |
| commit | 0187efca598c6e072d1de1a59e3bdefa28d89cfe (patch) | |
| tree | aeb47ee8b771b61fddc10e3bd90bd344fe1078f7 | |
| parent | 5b6ea85121af42b78348d8b396f84b281aa4998a (diff) | |
| download | gnulib-0187efca598c6e072d1de1a59e3bdefa28d89cfe.tar.gz | |
doc: Add more details regarding the undefined behaviour sanitizer.
* doc/gnulib-readme.texi (High Quality): Describe
-fsanitize-undefined-trap-on-error better.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | doc/gnulib-readme.texi | 23 |
2 files changed, 24 insertions, 5 deletions
@@ -1,5 +1,11 @@ 2020-12-06 Bruno Haible <bruno@clisp.org> + doc: Add more details regarding the undefined behaviour sanitizer. + * doc/gnulib-readme.texi (High Quality): Describe + -fsanitize-undefined-trap-on-error better. + +2020-12-06 Bruno Haible <bruno@clisp.org> + Do the Windows oldnames workaround through the C++ GNULIB_NAMESPACE. Reported by Daniel R. Hurtmans <Daniel.Hurtmans@ulb.ac.be> in <https://lists.gnu.org/archive/html/bug-gnulib/2020-12/msg00029.html>. diff --git a/doc/gnulib-readme.texi b/doc/gnulib-readme.texi index a2a59628b1..cde6d7aaba 100644 --- a/doc/gnulib-readme.texi +++ b/doc/gnulib-readme.texi @@ -546,8 +546,21 @@ for your compiler. For example: @end example @noindent -Here, @code{-D_FORTIFY_SOURCE=2} enables extra security hardening -checks in the GNU C library, @code{-fsanitize=undefined} enables GCC's -undefined behavior sanitizer (@code{ubsan}), and -@code{-fsanitize-undefined-trap-on-error} prevents @code{ubsan}'s -linking to unnecessary libraries like @code{libstdc++}. +Here: + +@itemize @bullet +@item +@code{-D_FORTIFY_SOURCE=2} enables extra security hardening checks in +the GNU C library. +@item +@code{-fsanitize=undefined} enables GCC's undefined behavior sanitizer +(@code{ubsan}), and +@item +@code{-fsanitize-undefined-trap-on-error} causes @code{ubsan} to +abort the program (through an ``illegal instruction'' signal). This +measure stops exploit attempts and also allows you to debug the issue. +Without this option, @code{-fsanitize=undefined} causes messages to be +printed, execution continues after an undefined behavior situation, and +GCC links the program against @code{libstdc++} (which you can avoid +through the option @code{-static-libubsan}). +@end itemize |