BUILD: add detection of missing important CFLAGS

Modern compilers love to break existing code, and some options detected at build time (such as -fwrapv) are absolutely critical otherwise some bad code can be generated. Given that some users rely on packages that force CFLAGS without being aware of this and can be hit by runtime bugs, we have to help packagers figure that they need to be careful about their build options. The test here consists in detecting correct wrapping of signed integers. Some of the old code relies on it, and modern compilers recently decided to break it. It's normally addressed using -fwrapv which users will rarely enforce in their own flags. Thus it is a good indicator of missing critical CFLAGS, and it happens to be very easy to detect at run time. Note that the test uses argc in order to have a variable. While gcc ignores wrapping even for constants, clang only ignores it for variables. The way the code is constructed doesn't result in code being emitted for optimized builds thanks to value range propagation. This should address GitHub issue #1315, and should be backported to all stable versions. It may result in instantly breaking binaries that seemed to work fine (typically the ones suddenly showing a busy loop after a few weeks of uptime), and require packagers to fix their flags. The vast majority of distro packages are fine and will not be affected though.
2025-09-22 06:11:32 +02:00 · 2021-07-14 17:54:01 +02:00 · 2021-07-14 17:54:01 +02:00 · 1335da38f4
commit 1335da38f4
parent 0498fa4059
1 changed files with 32 additions and 0 deletions
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -2842,6 +2842,38 @@ int main(int argc, char **argv)
 	int err, retry;
 	struct rlimit limit;
 	int pidfd = -1;
+	int intovf = (unsigned char)argc + 1; /* let the compiler know it's strictly positive */
+
+	/* Catch forced CFLAGS that miss 2-complement integer overflow */
+	if (intovf + 0x7FFFFFFF >= intovf) {
+		fprintf(stderr,
+		        "FATAL ERROR: invalid code detected -- cannot go further, please recompile!\n"
+			"The source code was miscompiled by the compiler, which usually indicates that\n"
+			"some of the CFLAGS needed to work around overzealous compiler optimizations\n"
+			"were overwritten at build time. Please do not force CFLAGS, and read Makefile\n"
+			"and INSTALL files to decide on the best way to pass your local build options.\n"
+		        "\nBuild options :"
+#ifdef BUILD_TARGET
+		       "\n  TARGET  = " BUILD_TARGET
+#endif
+#ifdef BUILD_CPU
+		       "\n  CPU     = " BUILD_CPU
+#endif
+#ifdef BUILD_CC
+		       "\n  CC      = " BUILD_CC
+#endif
+#ifdef BUILD_CFLAGS
+		       "\n  CFLAGS  = " BUILD_CFLAGS
+#endif
+#ifdef BUILD_OPTIONS
+		       "\n  OPTIONS = " BUILD_OPTIONS
+#endif
+#ifdef BUILD_DEBUG
+		       "\n  DEBUG   = " BUILD_DEBUG
+#endif
+		       "\n\n");
+		return 1;
+	}

 	setvbuf(stdout, NULL, _IONBF, 0);