[tor-bugs] #24467 [Core Tor/Tor]: Enable -Wnormalized=nfkc when available to avoid source code identifier confusion
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 29 02:35:57 UTC 2017
#24467: Enable -Wnormalized=nfkc when available to avoid source code identifier
confusion
------------------------------+--------------------------------
Reporter: teor | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: security-low
Actual Points: | Parent ID:
Points: 0.2 | Reviewer:
Sponsor: |
------------------------------+--------------------------------
In https://people.torproject.org/~nickm/warnings.html , nickm asks:

> We use -Wnormalized=id now; should we switch?

Yes, we should switch to `-Wnormalized=nfkc`, as a precaution against
patches that are submitted with similar-looking characters. Ideally, we
would use `-Wnormalized=ban-unicode-in-identifiers`, but that's not
something gcc has implemented yet.

From https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

  Some characters in ISO 10646 have distinct meanings but look identical
  in some fonts or display methodologies, especially once formatting has
  been applied. For instance \u207F, “SUPERSCRIPT LATIN SMALL LETTER N”,
  displays just like a regular n that has been placed in a superscript. ISO
  10646 defines the NFKC normalization scheme to convert all these into a
  standard form as well, and GCC warns if your code is not in NFKC if you
  use -Wnormalized=nfkc. This warning is comparable to warning about every
  identifier that contains the letter O because it might be confused with
  the digit 0, and so is not the default, but may be useful as a local
  coding convention if the programming environment cannot be fixed to
  display these characters distinctly.

clang hasn't implemented -Wnormalized yet:
https://clang.llvm.org/docs/DiagnosticsReference.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24467>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
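
Added example (not part of the ticket, and not Tor or GCC code): a small checker that can be run over a patch or source file where the compiler has no -Wnormalized, flagging tokens that are not in NFKC and, going one step further toward the "ban unicode in identifiers" idea above, tokens that are NFKC-stable but still non-ASCII. It scans raw text, so it also reports tokens inside comments and string literals and does not interpret \u escapes; the function names and the sample input are constructed for illustration.

```python
import re
import unicodedata

# Word-like tokens that start with a letter or underscore (Unicode-aware).
IDENT_RE = re.compile(r"[^\W\d]\w*")


def classify(ident):
    """Return None for a plain ASCII token, else the reason it is suspect."""
    if ident.isascii():
        return None
    if unicodedata.normalize("NFKC", ident) != ident:
        return "not-nfkc"   # the class of identifier -Wnormalized=nfkc warns about
    return "non-ascii"      # NFKC-stable; only a ban on non-ASCII catches it


def scan(source):
    """Return (line_number, escaped_token, reason) for each suspect token."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in IDENT_RE.finditer(line):
            reason = classify(match.group())
            if reason:
                # Escape the token so the report itself cannot be misread.
                escaped = match.group().encode("unicode_escape").decode("ascii")
                findings.append((lineno, escaped, reason))
    return findings


# Constructed sample, not Tor code.
SAMPLE = (
    "int len = 0;\n"
    "int le\u207f = 1;\n"    # SUPERSCRIPT LATIN SMALL LETTER N
    "int p\u0430th = 2;\n"   # CYRILLIC SMALL LETTER A
)

if __name__ == "__main__":
    for lineno, ident, reason in scan(SAMPLE):
        print(f"line {lineno}: {ident}: {reason}")
```

The Cyrillic letter in the last sample line is unchanged by NFKC, so it is reported only by the stricter non-ASCII rule.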