https://github.com/AaronBallman created 
https://github.com/llvm/llvm-project/pull/149357

Libclang is a wrapper around the Clang frontend, and frontends are not 
security-sensitive components of the LLVM project. However, libclang is often 
embedded in people's downstream tools, so it's best to mention that explicitly.

From 671e4080a5d1e4463f5f6323691411606bc1cf53 Mon Sep 17 00:00:00 2001
From: Aaron Ballman <aa...@aaronballman.com>
Date: Thu, 17 Jul 2025 12:49:39 -0400
Subject: [PATCH] [Docs] Mention security of libclang

Libclang is a wrapper around the Clang frontend, and frontends are not
security-sensitive components of the LLVM project. However, libclang is
often embedded in people's downstream tools, so it's best to mention
that explicitly.
---
 clang/docs/LibClang.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/clang/docs/LibClang.rst b/clang/docs/LibClang.rst
index 6c2b11ac7fc23..e747022b9c173 100644
--- a/clang/docs/LibClang.rst
+++ b/clang/docs/LibClang.rst
@@ -404,3 +404,9 @@ following situations are explicitly unsupported:
   compatible across library versions.
 * For the same reason as above, serializing objects from one version of the
   library and deserializing with a different version is also not supported.
+
+Note: because libclang is a wrapper around the compiler frontend, it is not a
+`security-sensitive component`_ of the LLVM Project. Consider using a sandbox
+or some other mitigation approach if processing untrusted input.
+
+.. _security-sensitive component: 
https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
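Review bot: the new paragraph (`Note: because libclang is a wrapper ...`) says that libclang is not security-sensitive but not what that means for a downstream tool, and "some other mitigation approach" leaves the reader to guess. Consider spelling out the consequence the linked policy implies, that a crash, hang or memory-safety bug triggered by malformed input is handled as an ordinary bug rather than a security issue, and naming the mitigation concretely, e.g. "run the parse in a separate process with reduced privileges and resource limits, and treat that process failing as a parse failure". Since this file is rendered by Sphinx, a `.. note::` admonition would set the paragraph apart from the preceding list better than a bare "Note:" prefix. Finally, the `.. _security-sensitive component:` target must stay on one line with its URL in the committed file; the diffstat counts six inserted lines, so the split seen here is only mail wrapping, but it is worth confirming before merge.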

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
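The sandboxing the note recommends, shown as an added example for a downstream tool that embeds libclang. This is not LLVM's or libclang's own code. It assumes a POSIX host (`os.fork`, `resource`) and, for the demo at the bottom only, the clang Python bindings (`clang.cindex`); the `run_isolated` supervisor, its status names, the resource limits and the sample C input are all this example's own choices, not anything the project defines.

```python
"""Parse untrusted input with libclang in a throwaway child process.

Added illustration, not part of LLVM/libclang.  Assumes a POSIX host and,
for the __main__ demo only, the clang Python bindings (pip: libclang).
"""
import json
import os
import resource
import select
import signal
import time


def _limit(kind, value):
    """Lower an rlimit to `value`, never above the hard limit we already have."""
    _soft, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def run_isolated(worker, arg, timeout=5.0, mem_bytes=1 << 30, cpu_secs=5):
    """Call worker(arg) in a forked child under address-space and CPU limits.

    Returns {'status': 'ok'|'error'|'crashed'|'timeout', 'signal': ..., 'result': ...}.
    A crash, hang or memory blow-up in the parser only ever costs the child.
    Note: rlimits contain crashes and resource exhaustion; they are not a
    boundary against code execution.  For that, run the child as a separate
    unprivileged user or inside a seccomp/namespace sandbox as well.
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                                  # child: untrusted work only
        os.close(rfd)
        code = 1
        try:
            _limit(resource.RLIMIT_AS, mem_bytes)
            _limit(resource.RLIMIT_CPU, cpu_secs)
            _limit(resource.RLIMIT_CORE, 0)       # no core files from crashes
            payload = json.dumps(worker(arg)).encode()   # plain data only
            while payload:                        # flush everything before exit
                payload = payload[os.write(wfd, payload):]
            code = 0
        except BaseException:                     # MemoryError, parser errors, ...
            pass
        finally:
            os._exit(code)                        # never unwind into parent code

    os.close(wfd)                                 # parent: supervise the child
    chunks, killed = [], False
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            os.kill(pid, signal.SIGKILL)          # wall-clock hang: kill it
            killed = True
            break
        ready, _, _ = select.select([rfd], [], [], remaining)
        if not ready:
            continue
        data = os.read(rfd, 65536)
        if not data:                              # EOF: child exited or died
            break
        chunks.append(data)
    os.close(rfd)
    _, status = os.waitpid(pid, 0)

    if killed or (os.WIFSIGNALED(status) and os.WTERMSIG(status) == signal.SIGXCPU):
        return {"status": "timeout", "signal": None, "result": None}
    if os.WIFSIGNALED(status):                    # SIGSEGV, SIGABRT, ... in the parser
        return {"status": "crashed", "signal": os.WTERMSIG(status), "result": None}
    if os.WEXITSTATUS(status) != 0:
        return {"status": "error", "signal": None, "result": None}
    return {"status": "ok", "signal": None,
            "result": json.loads(b"".join(chunks).decode())}


def parse_with_libclang(source_text):
    """Worker: parse one untrusted C translation unit with the clang Python
    bindings and return only plain data, so nothing libclang-owned crosses
    the pipe.  Imported inside the child so the host never loads libclang."""
    from clang import cindex                      # assumed installed for the demo
    index = cindex.Index.create()
    tu = index.parse("untrusted.c", args=["-std=c11"],
                     unsaved_files=[("untrusted.c", source_text)])
    return {
        "diagnostics": [f"{d.location.line}:{d.location.column}: {d.spelling}"
                        for d in tu.diagnostics],
        "cursors": sum(1 for _ in tu.cursor.walk_preorder()),
    }


if __name__ == "__main__":
    # Constructed sample input (missing ';'), standing in for an untrusted file.
    UNTRUSTED = "int main(void) { return 0 }\n"
    print(run_isolated(parse_with_libclang, UNTRUSTED, timeout=10.0))
```

The host tool never maps libclang into its own address space and receives only JSON over a pipe, so a parser crash shows up as `status == "crashed"` instead of taking the tool down, and a pathological input is bounded by the memory, CPU and wall-clock limits. The result still came from untrusted input and should be validated like any other input before use.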