diff options
author | Bruno Haible <bruno@clisp.org> | 2020-12-06 17:59:45 +0100 |
---|---|---|
committer | Bruno Haible <bruno@clisp.org> | 2020-12-06 17:59:45 +0100 |
commit | 0187efca598c6e072d1de1a59e3bdefa28d89cfe (patch) | |
tree | aeb47ee8b771b61fddc10e3bd90bd344fe1078f7 /doc/gnulib-readme.texi | |
parent | 5b6ea85121af42b78348d8b396f84b281aa4998a (diff) | |
download | gnulib-0187efca598c6e072d1de1a59e3bdefa28d89cfe.tar.gz |
doc: Add more details regarding the undefined behaviour sanitizer.
* doc/gnulib-readme.texi (High Quality): Describe
-fsanitize-undefined-trap-on-error better.
Diffstat (limited to 'doc/gnulib-readme.texi')
-rw-r--r-- | doc/gnulib-readme.texi | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/doc/gnulib-readme.texi b/doc/gnulib-readme.texi index a2a59628b1..cde6d7aaba 100644 --- a/doc/gnulib-readme.texi +++ b/doc/gnulib-readme.texi @@ -546,8 +546,21 @@ for your compiler. For example: @end example @noindent -Here, @code{-D_FORTIFY_SOURCE=2} enables extra security hardening -checks in the GNU C library, @code{-fsanitize=undefined} enables GCC's -undefined behavior sanitizer (@code{ubsan}), and -@code{-fsanitize-undefined-trap-on-error} prevents @code{ubsan}'s -linking to unnecessary libraries like @code{libstdc++}. +Here: + +@itemize @bullet +@item +@code{-D_FORTIFY_SOURCE=2} enables extra security hardening checks in +the GNU C library. +@item +@code{-fsanitize=undefined} enables GCC's undefined behavior sanitizer +(@code{ubsan}), and +@item +@code{-fsanitize-undefined-trap-on-error} causes @code{ubsan} to +abort the program (through an ``illegal instruction'' signal). This +measure stops exploit attempts and also allows you to debug the issue. +Without this option, @code{-fsanitize=undefined} causes messages to be +printed, execution continues after an undefined behavior situation, and +GCC links the program against @code{libstdc++} (which you can avoid +through the option @code{-static-libubsan}). +@end itemize |