Systematic memory safety hardening #171
Merged
Taywee merged 5 commits on May 22, 2026
These duplicated functionality already provided by args.hxx (SafeAdd/SafeMultiply/SafeSub/SafeNeg in namespace args) and already covered by test/safe_arithmetic.cxx. The duplicate header used an unsigned-only `value < min()` check that triggers -Wtype-limits under -Werror on gcc/clang, breaking the ubuntu and macos CMake jobs. Meson and Windows were unaffected because meson.build did not list the duplicate test and MSVC does not emit that warning.
vector::erase(begin() + idx) implicitly converts size_t -> ptrdiff_t. Under the branch's new directory-wide -Wsign-conversion + -Werror, this aborts the build of every test TU that instantiates Parse(). Add an explicit static_cast to the vector's difference_type.
This warning fires on every raw pointer arithmetic operation, including the standard `argv + 1, argv + argc` idiom used in args.hxx and the gitlike example. Combined with the test target's -Werror, it broke all test TUs on macos/clang. There is no clean replacement for argv handling short of std::span (C++20), so leave the flag off for this C++11 codebase.
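As an added example (not code from the args library; args::SafeAdd and the other routines the first commit names are not reproduced here, and the names checked_add/checked_mul are hypothetical), this shows how add and multiply overflow checks can be written for both signed and unsigned types so that they stay warning-free under -Wall -Wextra -Wconversion -Wsign-conversion -Werror, avoiding the unsigned `value < min()` comparison that -Wtype-limits rejects:

```cpp
// Added example, not the args project's own implementation.
#include <cstdint>
#include <limits>
#include <type_traits>

// Signed add: both bounds matter, so test them before the (possibly UB) addition.
template <typename T>
typename std::enable_if<std::is_signed<T>::value, bool>::type
checked_add(T a, T b, T &out) {
    const T mx = std::numeric_limits<T>::max();
    const T mn = std::numeric_limits<T>::lowest();
    if ((b > 0 && a > mx - b) || (b < 0 && a < mn - b)) return false;
    out = static_cast<T>(a + b);
    return true;
}

// Unsigned add: only the upper bound can be exceeded. A `value < min()` test
// here compares against 0, is always false, and is what -Wtype-limits flags.
template <typename T>
typename std::enable_if<std::is_unsigned<T>::value, bool>::type
checked_add(T a, T b, T &out) {
    if (a > std::numeric_limits<T>::max() - b) return false;
    out = static_cast<T>(a + b);
    return true;
}

// Signed multiply: division-based bound test (CERT INT32-C), split by sign.
template <typename T>
typename std::enable_if<std::is_signed<T>::value, bool>::type
checked_mul(T a, T b, T &out) {
    const T mx = std::numeric_limits<T>::max();
    const T mn = std::numeric_limits<T>::lowest();
    if (a > 0 && ((b > 0 && a > mx / b) || (b <= 0 && b < mn / a))) return false;
    if (a < 0 && ((b > 0 && a < mn / b) || (b <= 0 && b < mx / a))) return false;
    out = static_cast<T>(a * b);
    return true;
}

// Unsigned multiply: a single upper-bound check suffices.
template <typename T>
typename std::enable_if<std::is_unsigned<T>::value, bool>::type
checked_mul(T a, T b, T &out) {
    if (a != 0 && b > std::numeric_limits<T>::max() / a) return false;
    out = static_cast<T>(a * b);
    return true;
}
```

Each overload does its comparison in a form that cannot itself overflow, and the static_cast on the result keeps -Wconversion quiet for types narrower than int.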
Owner: I'm happy with this. Thank you for the PR.
What This PR Changes
Compiler Hardening Support
Adds optional compiler hardening and sanitizer support:
GCC / Clang: -Wall -Wextra -Wconversion -Wsign-conversion -Wformat=2
MSVC: /W4 /sdl /GS /guard:cf
Sanitizers remain disabled by default and can be enabled explicitly:
Fuzzing Infrastructure
Adds an optional libFuzzer-based parser fuzz target:
fuzz/fuzz_parser.cpp
Fuzzing is disabled by default and can be enabled with:
Why This Change
This PR improves robustness around arithmetic operations, parser edge cases, and undefined behavior handling while adding infrastructure for future security testing and regression detection.
The changes are fully backward compatible and introduce no public API modifications.
Files Added / Modified
fuzz/fuzz_parser.cpp
fuzz/README.md
CMakeLists.txt
Compatibility