diff --git a/CHANGES b/CHANGES
index 0e652f6e35..62938ef4fc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5834.	[cleanup]	C99 variable-length arrays are difficult to use safely,
+			so avoid them except in test code. [GL #3201]
+
 5833.	[bug]		When encountering socket error while trying to initiate a TCP
 			connection to a server, dig could hang indefinitely, when
 			there were more servers to try.
diff --git a/Makefile.tests b/Makefile.tests
index 70d528285c..97a914db6a 100644
--- a/Makefile.tests
+++ b/Makefile.tests
@@ -7,6 +7,9 @@ TESTS = $(check_PROGRAMS)
 
 LOG_COMPILER = $(builddir)/../../unit-test-driver.sh
 
+AM_CFLAGS += \
+	$(TEST_CFLAGS)
+
 AM_CPPFLAGS += \
 	$(CMOCKA_CFLAGS) \
 	-DNAMED_PLUGINDIR=\"$(libdir)/named\" \
diff --git a/bin/tests/Makefile.am b/bin/tests/Makefile.am
index 7c2ebe27d5..cde8467e55 100644
--- a/bin/tests/Makefile.am
+++ b/bin/tests/Makefile.am
@@ -7,6 +7,9 @@ noinst_PROGRAMS = \
 	test_server \
 	wire_test
 
+AM_CFLAGS += \
+	$(TEST_CFLAGS)
+
 test_client_CPPFLAGS = \
 	$(AM_CPPFLAGS) \
 	$(LIBISC_CFLAGS)
diff --git a/configure.ac b/configure.ac
index 32ed87ac3f..0139043da1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -117,7 +117,10 @@ AS_IF([test "$enable_static" != "no" && test "$enable_developer" != "yes"],
 STD_CFLAGS="-Wall -Wextra -Wwrite-strings -Wpointer-arith -Wno-missing-field-initializers -Wformat -Wshadow"
 
 # These should be always errors
-STD_CFLAGS="$STD_CFLAGS -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes"
+STD_CFLAGS="$STD_CFLAGS -Werror=implicit-function-declaration -Werror=missing-prototypes -Werror=format-security -Werror=parentheses -Werror=implicit -Werror=strict-prototypes -Werror=vla"
+
+# ... except in test code
+TEST_CFLAGS="-Wno-vla"
 
 # Fortify the sources by default
 STD_CPPFLAGS="-D_FORTIFY_SOURCE=2"
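Review bot: Appending `$(TEST_CFLAGS)` to `AM_CFLAGS` in Makefile.tests only reaches objects built with the default flags: automake replaces `AM_CFLAGS` entirely for any program that defines its own per-target `prog_CFLAGS`, so such a target would still be compiled with `-Werror=vla` unless it also lists `$(AM_CFLAGS)`. The same applies to the identical hunks in bin/tests/Makefile.am and fuzz/Makefile.am; I cannot tell from the hunks whether any per-target `_CFLAGS` variables exist, though bin/tests/Makefile.am visibly uses the per-target pattern for CPPFLAGS (`test_client_CPPFLAGS = $(AM_CPPFLAGS) ...`). A one-line comment above the new assignment would also make the intent findable, e.g. `# test code is exempt from -Werror=vla; TEST_CFLAGS is set in configure.ac`.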
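Review bot: The `# ... except in test code` comment on the new `TEST_CFLAGS="-Wno-vla"` line does not say how the exemption works, and the mechanism is order-dependent: `-Wno-vla` only neutralises `-Werror=vla` when it appears later on the compiler command line, because GCC and Clang apply `-W` options left to right. With the test makefiles appending `$(TEST_CFLAGS)` to `AM_CFLAGS` that ordering presumably holds as long as `AM_CFLAGS` is initialised from `STD_CFLAGS` first, but nothing in this hunk records the assumption, and a future reordering would silently re-enable the error for test code. Suggest `# ... except in test code: -Wno-vla must follow -Werror=vla on the command line (TEST_CFLAGS is appended to AM_CFLAGS in the test makefiles)`. The `AS_IF` block named in the hunk header starts outside the hunk.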
@@ -159,6 +162,7 @@ AS_IF([test "$enable_developer" = "yes"],
 AC_SUBST([DEVELOPER_MODE])
 AC_SUBST([STD_CFLAGS])
 AC_SUBST([STD_CPPFLAGS])
+AC_SUBST([TEST_CFLAGS])
 
 # [pairwise: --enable-warn-error, --disable-warn-error]
 AC_ARG_ENABLE([warn_error],
diff --git a/doc/dev/style.md b/doc/dev/style.md
index 9fe9a552f9..f3165f2a36 100644
--- a/doc/dev/style.md
+++ b/doc/dev/style.md
@@ -683,9 +683,14 @@ Declare variables as constant if they are not to be modified.
 
 #### Variable-Length Arrays
 
-Use VLAs where it is more appropriate to allocate the memory on the stack rather
-than allocate it using `isc_mem_get()` from the heap. Usually, a short lived
-arrays local to that particular functions would be good fit for using VLAs.
+VLAs are unsafe when it is important to handle allocation failure in a
+controlled manner rather than an uncontrolled crash. They are safer if the
+array size is checked first, but then you lose a lot of their simplicity
+and readability.
+
+VLAs should not be used in most code in BIND. VLAs are OK in test code
+where the lack of safety doesn't matter. The default compiler flags enforce
+this rule.
 
 #### Public Interface Namespace
 
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index d82f8c359b..021156da95 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,5 +1,8 @@
 include $(top_srcdir)/Makefile.top
 
+AM_CFLAGS += \
+	$(TEST_CFLAGS)
+
 AM_CPPFLAGS += \
 	$(LIBISC_CFLAGS) \
 	$(LIBDNS_CFLAGS) \