From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 2/2 v3] toolchain/wrapper: extend paranoid check to -isystem
Date: Sun, 18 Sep 2016 16:15:25 +0200 [thread overview]
Message-ID: <20160918161525.1bd1d7ce@free-electrons.com> (raw)
In-Reply-To: <110620526667c2676631a91f4d223e093896bda9.1472485693.git.yann.morin.1998@free.fr>
Hello,
On Mon, 29 Aug 2016 17:53:59 +0200, Yann E. MORIN wrote:
> +struct unsafe_opt_s {
> + const char *arg;
> + size_t len;
> +};
> +
> +/* Unsafe options are options that specify a potentialy unsafe path,
> + * that will be checked by check_unsafe_path(), below.
> + *
> + * sizeof() on a string literal includes the terminating \0.
> + */
> +#define UNSAFE_OPT(o) { #o, sizeof(#o)-1 }
I was wondering if this was really necessary. You could also have done
just:
static const char *unsafe_opts[] = {
"-I", "-L", "-isystem", ...
}
and then use strlen() in the loop. But your solution has the advantage
that the string length is calculated once for all, so OK.
> +static const struct unsafe_opt_s unsafe_opts[] = {
> + UNSAFE_OPT(-I),
> + UNSAFE_OPT(-idirafter).
This definitely couldn't built: it should have a comma at the end of
the line, not a dot. I've fixed this up and applied (after testing a
bit that the behavior looks sane).
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux and Kernel engineering
http://free-electrons.com
prev parent reply other threads:[~2016-09-18 14:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-29 15:53 [Buildroot] [PATCH 0/2 v3] toolchain/wrapper: add more paranoid checks (branch yem/wrapper) Yann E. MORIN
2016-08-29 15:53 ` [Buildroot] [PATCH 1/2 v3] toolchain/wrapper: display options leading to a paranoid failure Yann E. MORIN
2016-09-18 14:13 ` Thomas Petazzoni
2016-08-29 15:53 ` [Buildroot] [PATCH 2/2 v3] toolchain/wrapper: extend paranoid check to -isystem Yann E. MORIN
2016-09-18 14:15 ` Thomas Petazzoni [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160918161525.1bd1d7ce@free-electrons.com \
--to=thomas.petazzoni@free-electrons.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox