diff options
| author | Patrick Steinhardt <ps@pks.im> | 2024-12-06 11:27:16 +0100 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2024-12-06 20:20:01 +0900 |
| commit | 2121a76d71e6742fe9627289b45717663bcef832 (patch) | |
| tree | d2b9b9578adb1057f48d830e15dd5d6ec74cfa9f /builtin/diff-index.c | |
| parent | The fourteenth batch (diff) | |
| download | git-2121a76d71e6742fe9627289b45717663bcef832.tar.gz git-2121a76d71e6742fe9627289b45717663bcef832.zip | |
git-compat-util: introduce macros to disable "-Wsign-compare" warnings
When compiling with DEVELOPER=YesPlease, we explicitly disable the
"-Wsign-compare" warning. This is mostly because our code base is full
of cases where we don't bother at all whether something should be signed
or unsigned, and enabling the warning would thus cause tons of warnings
to pop up.
Unfortunately, disabling this warning also masks real issues. There have
been multiple CVEs in the Git project that would have been flagged by
this warning (e.g. CVE-2022-39260, CVE-2022-41903 and several fixes in
the vicinity of these CVEs). Furthermore, the final audit report by
X41 D-Sec, who are the ones who have discovered some of the CVEs, hinted
that it might be a good idea to become more strict in this context.
Now simply enabling the warning globally does not fly due to the stated
reason above that we simply have too many sites where we use the wrong
integer types. Instead, introduce a new set of macros that allow us to
mark a file as being free of warnings with "-Wsign-compare". The
mechanism is similar to what we do with `USE_THE_REPOSITORY_VARIABLE`:
every file that is not marked with `DISABLE_SIGN_COMPARE_WARNINGS` will
be compiled with those warnings enabled.
These new markings will be wired up in the subsequent commits.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'builtin/diff-index.c')
0 files changed, 0 insertions, 0 deletions