Date: Sun, 6 Nov 2011 16:47:38 -0800
From: Rui Paulo <rpaulo@FreeBSD.org>
To: Warner Losh <imp@bsdimp.com>
Cc: Alexander Best <arundel@FreeBSD.org>, freebsd-toolchain@FreeBSD.org, Dimitry Andric <dim@FreeBSD.org>
Subject: Re: [poc] buildkernel + clang + -Werror
Message-ID: <D33B52AF-854F-4FEB-A5DC-878017116C78@FreeBSD.org>
In-Reply-To: <242747B7-3EAE-4988-A975-DC58B0997A6F@bsdimp.com>
References: <20111105102102.GA54596@freebsd.org> <20111106172835.GO2258@hoeg.nl> <20111106203316.GA73216@freebsd.org> <4EB6F38E.2080006@FreeBSD.org> <20111106205805.GA78142@freebsd.org> <C7A0F95A-0F55-47BF-AD60-66DDAEEC3EC7@FreeBSD.org> <242747B7-3EAE-4988-A975-DC58B0997A6F@bsdimp.com>
On Nov 6, 2011, at 4:36 PM, Warner Losh wrote:

> On Nov 6, 2011, at 2:13 PM, Rui Paulo wrote:
>> The only argument against this tautological check that I agree with is when the code is explicitly trying to be safe. If the developer checks for "i < 0" when indexing an array he/she is trying to guard against possible pitfalls in the future when someone suddenly decides to change the variable type to become signed. One possible security vulnerability was avoided because that developer checked for negative values.
>> I'm against turning this off by default, but it should not cause an error.
>
> Except when you pass args back and forth between signed and unsigned and back again. If you check < 0 in the middle, that's one more security bug you thought you had fixed, but really you've done nothing with.

Of course, but in the context of the compiler checks this argument doesn't apply.

Regards,
--
Rui Paulo
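The failure mode Warner describes, as an added C example that is not code from the thread or from the FreeBSD tree (the lookup table and the helper names are invented for illustration): a negative index that has already been converted to unsigned sails past an "i < 0" guard, while a check against the array length still rejects it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample table; the helper names below are invented for this example. */
static const int table[4] = { 10, 20, 30, 40 };
#define TABLE_LEN (sizeof(table) / sizeof(table[0]))

/* The check the thread argues about: once a negative value has passed through
 * an unsigned parameter it has wrapped, so "i < 0" can never be true.
 * Written with a variable instead of the literal 0 only so this file still
 * builds under -Werror; the run-time result is identical to "i < 0". */
int rejected_by_negative_check(unsigned int i)
{
    unsigned int zero = 0;
    return i < zero;        /* always 0: the guard silently does nothing */
}

/* A bounds check against the array length does catch the wrapped value,
 * because (unsigned int)-1 is far larger than any real index. */
int rejected_by_bounds_check(unsigned int i)
{
    return i >= TABLE_LEN;
}

/* Lookup that takes the index as int, as a caller would, and hands it to
 * helpers with unsigned parameters. Returns -1 when the index is invalid. */
int lookup(int idx)
{
    unsigned int i = (unsigned int)idx;   /* the same conversion an implicit call performs */
    if (rejected_by_negative_check(i))
        return -1;                        /* never reached */
    if (rejected_by_bounds_check(i))
        return -1;                        /* this is what actually protects table[] */
    return table[i];
}

int main(void)
{
    printf("lookup(2)  = %d\n", lookup(2));     /* 30 */
    printf("lookup(-1) = %d\n", lookup(-1));    /* -1, thanks to the bounds check */
    printf("negative check fired for -1? %d\n",
           rejected_by_negative_check((unsigned int)-1));   /* 0 */
    return 0;
}
```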
