[torquedev] Useful GCC flags for security/error catching

Simon Toth simont at mail.muni.cz
Wed Jul 22 02:47:14 MDT 2009


> The Ubuntu Wiki has a useful page on GCC flags that
> are used by default to build their packages.  These
> are of interest as they relate to catching things
> like smashing the stack and unchecked return values,
> etc.
> 
>  https://wiki.ubuntu.com/CompilerFlags
> 
> FWIW 2.3.7 compiles cleanly when adding:
> 
>  -fstack-protector -Wformat -Wformat-security -DFORTIFY_SOURCE=2
> 
> to the standard CFLAGS (which is nice!).

Personally I prefer using Splint (it is capable of finding very deep bugs).

It is a bit hard to set up (because it will usually find thousands of
bugs on the first run), but has very neat features (like tagging
variables as I/O, not NULL, etc.).

-- 
Mgr. Simon Toth
CESNET z.s.p.o.
Zikova 4
160 00 Praha 6
Czech Republic
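
The following is an added example, not code from either poster or from the TORQUE source: a small C helper showing the pattern -Wformat-security reports, a checked return value, and Splint-style in/out/notnull annotations. The function name format_job_note and the MUST_CHECK macro are hypothetical.

```c
/* Constructed example. Build with flags like those in the thread:
 *   gcc -O2 -fstack-protector -Wformat -Wformat-security \
 *       -D_FORTIFY_SOURCE=2 -c example.c
 * glibc spells the macro _FORTIFY_SOURCE (leading underscore) and
 * honours it only when optimisation is enabled. */
#include <stdio.h>
#include <string.h>

/* warn_unused_result makes GCC flag callers that ignore the status. */
#if defined(__GNUC__)
#define MUST_CHECK __attribute__((warn_unused_result))
#else
#define MUST_CHECK
#endif

/* Hypothetical helper: writes "job <id>: <text>" into dst.
 * Returns 0 on success, -1 on bad arguments or truncated output.
 * The out/in/notnull comments on the parameters are Splint
 * annotations; GCC treats them as ordinary comments. */
MUST_CHECK int format_job_note(/*@out@*/ /*@notnull@*/ char *dst,
                               size_t dstlen,
                               /*@in@*/ /*@notnull@*/ const char *text,
                               int job_id)
{
    int n;

    if (dst == NULL || text == NULL || dstlen == 0)
        return -1;

    /* Weak form, reported by -Wformat-security because the format
     * string is not a literal:   snprintf(dst, dstlen, text);
     * Hardened form: fixed format, untrusted text passed as data. */
    n = snprintf(dst, dstlen, "job %d: %s", job_id, text);

    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';   /* never hand back a truncated record */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[32];
    if (format_job_note(buf, sizeof buf, "%n%s%x", 7) == 0)
        puts(buf);       /* conversion specifiers copied literally */
    return 0;
}
```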

