[torquedev] Useful GCC flags for security/error catching
Simon Toth
simont at mail.muni.cz
Wed Jul 22 02:47:14 MDT 2009
> The Ubuntu Wiki has a useful page on GCC flags that
> are used by default to build their packages. These
> are of interest as they relate to catching things
> like smashing the stack and unchecked return values,
> etc.
>
> https://wiki.ubuntu.com/CompilerFlags
>
> FWIW 2.3.7 compiles cleanly when adding:
>
> -fstack-protector -Wformat -Wformat-security -DFORTIFY_SOURCE=2
>
> to the standard CFLAGS (which is nice!).
Personally I prefer using Splint (it is capable of finding very deep bugs).
It is a bit hard to set up (because it will usually find thousands of
bugs on the first run), but has very neat features (like tagging
variables as I/O, not NULL, etc.).
--
Mgr. Simon Toth
CESNET z.s.p.o.
Zikova 4
160 00 Praha 6
Czech Republic
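
Added example, not part of either message and not TORQUE code: a small C file showing what the quoted -Wformat-security and "unchecked return values" checks react to, with the flagged variants kept behind a macro. The names copy_name, log_line, SHOW_UNSAFE and the file name flags_demo.c are assumptions made for this illustration.

```c
/* Constructed example. Build (file name assumed):
 *   gcc -O2 -fstack-protector -Wformat -Wformat-security flags_demo.c
 * Add -DSHOW_UNSAFE to see the diagnostics described in the comments. */
#include <stdio.h>
#include <string.h>

/* GCC attribute: a caller that drops the result gets -Wunused-result. */
__attribute__((warn_unused_result))
int copy_name(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen)
        return -1;              /* refuse instead of overflowing dst */
    memcpy(dst, src, n + 1);    /* n + 1 copies the terminating NUL */
    return 0;
}

/* Writes untrusted text as data, never as the format string. */
int log_line(char *out, size_t outlen, const char *untrusted)
{
#ifdef SHOW_UNSAFE
    /* -Wformat-security: "format not a string literal and no format
     * arguments"; conversions in the input would be interpreted. */
    return snprintf(out, outlen, untrusted);
#else
    return snprintf(out, outlen, "%s", untrusted);
#endif
}

int main(void)
{
    char name[8];   /* local char array: -fstack-protector adds a canary */
    char line[32];

    if (copy_name(name, sizeof name, "a-name-that-is-too-long") != 0)
        puts("rejected oversized name");
#ifdef SHOW_UNSAFE
    copy_name(name, sizeof name, "x");  /* -Wunused-result fires here */
#endif
    if (log_line(line, sizeof line, "%x %x %n") > 0)
        puts(line);                     /* printed verbatim */
    return 0;
}
```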