Merge pull request #10748 from maribu/sane_signed_interger_overflow

makefiles: Add -fwrapv to CFLAGS
2025-12-30 08:51:19 +01:00 · 2021-01-25 18:47:09 +01:00 · 2021-01-25 18:47:09 +01:00 · 25e99d81ed
commit 25e99d81ed
parent f45613abbf 01382dc4ad
1 changed files with 16 additions and 0 deletions
--- a/makefiles/cflags.inc.mk
+++ b/makefiles/cflags.inc.mk
@ -19,6 +19,22 @@ ifneq ($(CC_NOCOLOR),1)
  OPTIONAL_CFLAGS += -fdiagnostics-color
 endif

+# Force the C compiler to not ignore signed integer overflows
+# Background:   In practise signed integers overflow consistently and wrap
+#               around to the lowest number. But this is undefined behaviour.
+#               Branches that rely on this undefined behaviour will be silently
+#               optimized out. For details, have a look at
+#               https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
+# Note:         Please do not add new code that relies on this undefined
+#               behaviour, even though this flag makes your code work. There are
+#               safe ways to check for signed integer overflow.
+CFLAGS += -fwrapv
+# Enable warnings for code relying on signed integers to overflow correctly
+# (see above for details).
+# Note:         This warning is sadly not reliable, thus -fwrapv cannot be
+#               dropped in favor of this
+CFLAGS += -Wstrict-overflow
+
 # Fast-out on old style function definitions.
 # They cause unreadable error compiler errors on missing semicolons.
 # Worse yet they hide errors by accepting wildcard argument types.