Re: FYI: by default, elide analyzer-related warning options
From: Jim Meyering
Subject: Re: FYI: by default, elide analyzer-related warning options
Date: Sat, 1 Jan 2022 11:16:55 -0800

On Sat, Jan 1, 2022 at 10:53 AM Jeffrey Walton <noloader@gmail.com> wrote:
> On Sat, Jan 1, 2022 at 1:33 PM Jim Meyering <jim@meyering.net> wrote:
> >
> > I've just pushed a patch that copies coreutils' approach:
> >
> > + [# -fanalyzer and related options slow GCC considerably.
> > + ew="$ew -fanalyzer -Wno-analyzer-double-free
> > -Wno-analyzer-malloc-leak"
> > + ew="$ew -Wno-analyzer-null-dereference -Wno-analyzer-use-after-free"])
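Review bot: The comment on the first added line gives the reason (the options slow GCC) but not the scope. It does not say that, going by the subject line, `ew` collects options to be elided from the default warning set, nor that `./configure --enable-gcc-warnings=expensive` brings the analyzer back. Without that, the `-Wno-analyzer-double-free` and `-Wno-analyzer-use-after-free` entries read as switching those checks off outright, which is how the reply below takes them. Suggest extending the comment to state that the elision applies only to the default setting and to name the `expensive` value as the way to re-enable the checks.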
> >
> > I've also updated from latest gnulib and updated copyright notices.
>
> I don't think these two are wise:
>
> * -Wno-analyzer-double-free
> * -Wno-analyzer-use-after-free
>
> Lots of CVEs issued because of double free and use after free...
I'm keenly aware. Note that this is just the default.
To enable those more expensive checks, use
  ./configure --enable-gcc-warnings=expensive
If someone finds a legit bug that would have been detected by that,
we'd probably change the default from "yes" to "expensive".