Message ID | 20210505211047.1496765-24-philmd@redhat.com |
---|---|
State | New |
Headers | show |
Series | misc: Remove variable-length arrays on the stack | expand |
On 5/5/21 2:10 PM, Philippe Mathieu-Daudé wrote: > Now that we converted all variable-length allocations in the > repository, add the -Wvla CPPFLAG to trigger a build failure > if such allocation is used. > > This should help avoiding vulnerabilities such CVE-2021-3527 > (see commit range 3f67e2e7f13..05a40b172e4). > > Inspired-by: Gerd Hoffmann<kraxel@redhat.com> > Signed-off-by: Philippe Mathieu-Daudé<philmd@redhat.com> > --- > configure | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Richard Henderson <richard.henderson@linaro.org> r~
diff --git a/configure b/configure index 4f374b48890..a78ff15b52f 100755 --- a/configure +++ b/configure @@ -552,7 +552,7 @@ ARFLAGS="${ARFLAGS-rv}" # provides these semantics.) QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS" QEMU_CFLAGS="-Wundef -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS" -QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS" +QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls -Wvla $QEMU_CFLAGS" QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS" # Flags that are needed during configure but later taken care of by Meson
Now that we converted all variable-length allocations in the repository, add the -Wvla CPPFLAG to trigger a build failure if such allocation is used. This should help avoiding vulnerabilities such CVE-2021-3527 (see commit range 3f67e2e7f13..05a40b172e4). Inspired-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)