On 09/10/2015 06:57 PM, Martin Sebor wrote: >>> There is quite a bit of documentation of _FORTIFY_SOURCE that explains >>> its effect on user code. >> >> I think there are only random blog articles discussing aspects of it, >> most of them slightly incorrect or outdated. > > _FORTIFY_SOURCE is a GLIBC feature test macro. It's documented > in <features.h> and mentioned in some of its online manuals. > For example: > > http://man7.org/linux/man-pages/man7/feature_test_macros.7.html > > or here: > > http://manpages.ubuntu.com/manpages/hardy/man7/feature_test_macros.7.html
Oh, so there is an out-dated man-page as well. :-/ The fd_set checks added in glibc 2.15 are missing. That caused some backslash because some folks were actually abusing FD_SET and related macros. Nothing too severe, and in the end, we stood our ground. I expect the libstdc++ changes to be similar. Again, my main argument is that the main users of _FORTIFY_SOURCE are distributions, and they would inject whatever preprocessor macro enables the new libstdc++ checks anyway, so saving them that work would be preferable IMHO. -- Florian Weimer / Red Hat Product Security
