void added a comment.

In D123544#3445425 <https://reviews.llvm.org/D123544#3445425>, @xbolva00 wrote:

>>> While I agree with the security aspects of this in principle, it is not a 
>>> conforming behavior in C and it runs significant risk of breaking existing 
>>> code such that it introduces new security issues.
>
> I agree strongly. This could happily do more harm than good ("the road to 
> hell is paved with good intentions"). Please leave it opt-in or introduce 
> "modes" for this feature like -frandomize-struct=func-pointers | 
> -frandomize-struct=xxx | -frandomize-struct=all.

[Some context for this patch: the GCC plugin does this already. Our initial 
implementation of randstruct skipped that part.]

Could you explain a bit more why it's not considered conforming behavior in C? 
The entire feature is definitely unusual and introduces some caveats (the 
structure initialization being just one of them).

Here's an article on this feature and why randomizing structs of function 
pointers is Considered Good(tm): https://lwn.net/Articles/722293/


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D123544/new/

https://reviews.llvm.org/D123544

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
