Andrew Price writes:
On 24/04/14 15:13, Lennart Poettering wrote:We probably should make setjmp()-freeness a requirement for all code included in Fedora.Would it be worth the effort, and how feasible is it anyway? - Do we have any usage statistics? - How often do we see bugs caused by bad uses of setjmp/longjmp? - Is mitigation instead of blanket removal possible? - How likely is it that /all/ setjmp/longjmp uses can be reasonably replaced? - Is there existing upstream momentum to move away from setjmp/longjmp? (I'm not against the idea but I think it deserves further discussion.)
According to its manpage, setjmp and longjmp conform to C89, C99, and POSIX. I'm afraid I just can't wrap my brain around a concept of something that's good enough for POSIX, but not good enough for Fedora.
If we continue to think along these lines, we might as well ban any code that uses strcpy(), because of its inherent potential for buffer overflows, and exploitable code.
Can't wait for this latest howler from the great minds of Fedora to hit Slashdot.
Attachment:
pgpi1pYDdsMhF.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
