Re: Uninitialized variables and F37

On Fri, 28 Jan 2022 at 16:40, Steve Grubb wrote:
>
> >> Of course gcc -fsanitize=undefined cannot be used on production code.
> >
> > Why not? Will it find too many errors?
>
> This discussion is at least 5 years old:
>
> https://seclists.org/oss-sec/2016/q1/363
>
> I don't know if the problems have been addressed or if new problems have
> popped up. The short of it, if you don't read the link above, is that you can
> use the _OPTIONS environmental variable with a setuid application and clobber
> any file on the file system.

(That's about ASan, but UBSAN_OPTIONS will do the same.)

It's worth noting that -fsanitize=undefined
-fsanitize-undefined-trap-on-error doesn't use UBSAN_OPTIONS and
doesn't require libubsan.so. With the trap-on-error option you just
get a crash instead of a user-friendly description of the error, but
it does still check for UB and halt the process when it's detected.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx



