> On 2012/07/13 02:37, Peter Laufenberg wrote:
>> > I'd just like to point out on-list that we shouldn't be patching
>> > away stpcpy everywhere, it is easy to introduce a bug in perfectly
>> > correct code by doing this (as happened in some cases with strlcpy
>> > patches in the ports tree), it's just that gettext is *very* commonly
>> > used and the linker warning adds a lot of noise to the build logs,
>> > so removing that noise is helpful here.
>>
>> Sorry if this is already addressed elsewhere but is there a way to browse
>> ports' various "code orthodoxy" statistics such as strcpy() usage and other
>> OpenBSD no-nos?
>>
>> I understand compiler warnings are a far cry from full-blown static code
>> analysis, and that a strcpy-clean port could still be a Swiss
>> security-cheese, but whatever stats would be a start. F.ex. Debian's
>> comparison between Clang- and gcc-compiled kernels shows interesting
>> patterns (I know their resources are vastly superior).
>>
>> Maybe such name-and-shame stats could help prod upstream maintainers to
>> improve their code.
>
> well it's possible ("grep -Rc warning.*dangerous .|grep -v ':0$' |
> sort -n -r -k2 -t:" over a bulk build log directory) but pointless,
> as this in no way indicates whether something is used correctly or not.
What I meant is some easily-accessible data that aggregates various ports;
f.ex. a post-build package metafile one could bulk-load and view as a
statistical model.

> just as a port only using the "safe" functions could still have huge
> problems, a port using the "unsafe" functions could still be using them
> correctly.

I agree with the first part (as I mentioned); however, the unsafe functions
are being deprecated for the very reason they're a wildcard, even in MS'
compilers. Custom client-side juggling may or may not make them "used
correctly", but the right solution is to use the new functions from the C
runtime.

Not to start a pissfight but OpenBSD is based on correct code; it'd be nice
if it could have a spillover effect on ports, even if only for OpenBSD users.

-- p
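The stpcpy-to-strlcpy pitfall the first quoted message alludes to ("easy to introduce a bug in perfectly correct code"), as an added example that is not part of this thread, of gettext, or of any port in the tree. The `local_stpcpy`/`local_strlcpy` helpers are our own copies with the libc semantics so the file builds on any libc (glibc only gained strlcpy in 2.38), and the `join3_*` functions are hypothetical names for one correct stpcpy chain, one mechanical "safe" rewrite of it, and one rewrite done properly. All inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local copies with the libc semantics (the local_ prefix is ours). */
static char *local_stpcpy(char *dst, const char *src)
{
    while ((*dst = *src++) != '\0')
        dst++;
    return dst;                 /* points at the terminating NUL */
}

static size_t local_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);

    if (dstsize != 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;              /* length of src, NOT bytes written */
}

/*
 * Correct use of the "dangerous" function: check the total once up front,
 * then chain stpcpy. Returns the resulting length, or -1 if it would not fit.
 * This is the kind of code a warning count would flag as "unsafe".
 */
int join3_stpcpy(char *dst, size_t dstsize,
                 const char *a, const char *b, const char *c)
{
    size_t need = strlen(a) + strlen(b) + strlen(c) + 1;
    char *p;

    if (need > dstsize) {
        if (dstsize)
            dst[0] = '\0';
        return -1;
    }
    p = local_stpcpy(dst, a);
    p = local_stpcpy(p, b);
    p = local_stpcpy(p, c);
    return (int)(p - dst);
}

/*
 * The mechanical "make it safe" rewrite: drop the up-front check, swap
 * stpcpy for strlcpy, keep advancing the cursor by the return value.
 * strlcpy returns strlen(src), not what it wrote, so after any truncation
 * the cursor is past the end of dst. If that happens before the last piece,
 * dstsize - off wraps to a huge size_t and the next call is an unbounded
 * write; the test below truncates only the last piece, so here the damage
 * is "just" a length that does not match the buffer contents.
 */
int join3_strlcpy_naive(char *dst, size_t dstsize,
                        const char *a, const char *b, const char *c)
{
    size_t off = 0;

    off += local_strlcpy(dst + off, a, dstsize - off);
    off += local_strlcpy(dst + off, b, dstsize - off);
    off += local_strlcpy(dst + off, c, dstsize - off);
    return (int)off;
}

/* The conversion done properly: treat ret >= space as truncation. */
int join3_strlcpy_checked(char *dst, size_t dstsize,
                          const char *a, const char *b, const char *c)
{
    const char *parts[3] = { a, b, c };
    size_t off = 0;
    int i;

    for (i = 0; i < 3; i++) {
        size_t n = local_strlcpy(dst + off, parts[i], dstsize - off);
        if (n >= dstsize - off)
            return -1;          /* truncated: stop, do not advance past end */
        off += n;
    }
    return (int)off;
}

int main(void)
{
    char buf[8];                /* constructed: room for 7 chars + NUL */
    int r;

    r = join3_stpcpy(buf, sizeof buf, "abc", "de", "fghijk");
    printf("stpcpy  checked up front: %d\n", r);            /* -1 */
    r = join3_strlcpy_naive(buf, sizeof buf, "abc", "de", "fghijk");
    printf("naive strlcpy: returns %d, buffer holds %zu (\"%s\")\n",
           r, strlen(buf), buf);                            /* 11 vs 7 */
    r = join3_strlcpy_checked(buf, sizeof buf, "abc", "de", "fghijk");
    printf("checked strlcpy: %d\n", r);                     /* -1 */
    return 0;
}
```

The point for anyone grepping build logs for `warning.*dangerous`: the first function uses the flagged call and is correct; the second uses only the "safe" call and is the one that will corrupt memory the day a caller hands it something longer than the buffer.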