Previous: <a href="Waiving-Hardened-Results.html" accesskey="p" rel="prev">How to waive the results of the hardening tests</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="What-to-do-if-annocheck-reports-that-it-could-not-find-compiled-code_002e">4.2.42 What to do if annocheck reports that it could not find compiled code.</h4>
+<h4 class="subsection" id="What-to-do-if-annocheck-reports-that-it-could-not-find-compiled-code_002e">4.2.43 What to do if annocheck reports that it could not find compiled code.</h4>
<p>The hardening checker will automatically skip some tests if it cannot
prove that the file being checked was created by a known compiler, or
Next: <a href="Waiving-Hardened-Results.html" accesskey="n" rel="next">How to waive the results of the hardening tests</a>, Previous: <a href="Test-zero-call-used-regs.html" accesskey="p" rel="prev">The zero-call-used-regs test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="Command-line-options-specific-to-the-hardened-tool">4.2.40 Command line options specific to the hardened tool</h4>
+<h4 class="subsection" id="Command-line-options-specific-to-the-hardened-tool">4.2.41 Command line options specific to the hardened tool</h4>
<dl class="table">
<dt><code class="code">--skip-<var class="var">test</var>[=<var class="var">funcname</var>]</code></dt>
<li><a href="Test-entry.html" accesskey="7">The entry test</a></li>
<li><a href="Test-fast.html" accesskey="8">The -Ofast test</a></li>
<li><a href="Test-fips.html" accesskey="9">The FIPS test</a></li>
+<li><a href="Test-flex-arrays.html">The flex arrays test</a></li>
<li><a href="Test-fortify.html">The fortify test</a></li>
<li><a href="Test-gaps.html">The gaps test</a></li>
<li><a href="Test-glibcxx-assertions.html">The glibcxx-assertions test</a></li>
<link href="index.html" rel="start" title="Top">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Hardened.html" rel="up" title="Hardened">
-<link href="Test-fortify.html" rel="next" title="Test fortify">
+<link href="Test-flex-arrays.html" rel="next" title="Test flex arrays">
<link href="Test-fast.html" rel="prev" title="Test fast">
<style type="text/css">
<!--
<div class="subsection-level-extent" id="Test-fips">
<div class="nav-panel">
<p>
-Next: <a href="Test-f
ortify.html" accesskey="n" rel="next">The fortify test</a>, Previous: <a href="Test-fast.html" accesskey="p" rel="prev">The -Ofast test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
+Next: <a href="Test-f
lex-arrays.html" accesskey="n" rel="next">The flex arrays test</a>, Previous: <a href="Test-fast.html" accesskey="p" rel="prev">The -Ofast test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
<h4 class="subsection" id="The-FIPS-test">4.2.9 The FIPS test</h4>
--- /dev/null
+<!DOCTYPE html>
+<html>
+<!-- Created by GNU Texinfo 7.0.2, https://www.gnu.org/software/texinfo/ -->
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<!-- This file documents the annobin plugin on the Fedora system.
+
+Copyright © 2018 - 2023 Red Hat.
+
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3
+or any later version published by the Free Software Foundation;
+with no Invariant Sections, with no Front-Cover Texts, and with no
+Back-Cover Texts. A copy of the license is included in the
+section entitled "GNU Free Documentation License".
+ -->
+<title>Test flex arrays (Annobin)</title>
+
+<meta name="description" content="Test flex arrays (Annobin)">
+<meta name="keywords" content="Test flex arrays (Annobin)">
+<meta name="resource-type" content="document">
+<meta name="distribution" content="global">
+<meta name="Generator" content="makeinfo">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+
+<link href="index.html" rel="start" title="Top">
+<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
+<link href="Hardened.html" rel="up" title="Hardened">
+<link href="Test-fortify.html" rel="next" title="Test fortify">
+<link href="Test-fips.html" rel="prev" title="Test fips">
+<style type="text/css">
+<!--
+div.example {margin-left: 3.2em}
+-->
+</style>
+
+
+</head>
+
+<body lang="en">
+<div class="subsection-level-extent" id="Test-flex-arrays">
+<div class="nav-panel">
+<p>
+Next: <a href="Test-fortify.html" accesskey="n" rel="next">The fortify test</a>, Previous: <a href="Test-fips.html" accesskey="p" rel="prev">The FIPS test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
+</div>
+<hr>
+<h4 class="subsection" id="The-flex-arrays-test">4.2.10 The flex arrays test</h4>
+
+<div class="example smallexample">
+<pre class="example-preformatted"> Problem: Flexible arrays are a C coding convention that are often
+ subject to buffer overrun attacks
+ Fix By: Compiling with -fstrict-flex-arrays=[123]
+ Waive If: The application does not use flexible arrays
+
+ Example: FAIL: flexible test because -fstrict-flex-arrays was not enabled
+</pre></div>
+
+<p>This is a future test. It is not enabled by default. It checks a
+security feature that may not be widely available or enforced.
+</p>
+<p>This test checks that the application was compiled with the
+<samp class="option">-fstrict-flex-arrays=[123]</samp> command line option enabled.
+This option enforces a stricter use of flexible arrays that is easier
+for the compiler to check for ppotential buffer overrun attacks.
+</p>
+<p>The test also checks that the <samp class="option">-Wstrict-flex-arrays</samp> warning
+is enabled.
+</p>
+<p>If necessary the test can be disabled via the <samp class="option">--skip-flex-arrays</samp>
+option and re-enabled via the <samp class="option">--test-flex-arrays</samp> option.
+</p>
+</div>
+
+
+
+</body>
+</html>
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Hardened.html" rel="up" title="Hardened">
<link href="Test-gaps.html" rel="next" title="Test gaps">
-<link href="Test-fips.html" rel="prev" title="Test fips">
+<link href="Test-flex-arrays.html" rel="prev" title="Test flex arrays">
<style type="text/css">
<!--
div.example {margin-left: 3.2em}
<div class="subsection-level-extent" id="Test-fortify">
<div class="nav-panel">
<p>
-Next: <a href="Test-gaps.html" accesskey="n" rel="next">The gaps test</a>, Previous: <a href="Test-f
ips.html" accesskey="p" rel="prev">The FIPS test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
+Next: <a href="Test-gaps.html" accesskey="n" rel="next">The gaps test</a>, Previous: <a href="Test-f
lex-arrays.html" accesskey="p" rel="prev">The flex arrays test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-fortify-test">4.2.10 The fortify test</h4>
+<h4 class="subsection" id="The-fortify-test">4.2.11 The fortify test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Buffer overruns in string/memory library functions can be exploited by an attacker
Next: <a href="Test-glibcxx-assertions.html" accesskey="n" rel="next">The glibcxx-assertions test</a>, Previous: <a href="Test-fortify.html" accesskey="p" rel="prev">The fortify test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-gaps-test">4.2.11 The gaps test</h4>
+<h4 class="subsection" id="The-gaps-test">4.2.12 The gaps test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Without complete coverage of the compiled code, other tests can miss problems
Next: <a href="Test-gnu-relro.html" accesskey="n" rel="next">The gnu-relro test</a>, Previous: <a href="Test-gaps.html" accesskey="p" rel="prev">The gaps test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-glibcxx_002dassertions-test">4.2.12 The glibcxx-assertions test</h4>
+<h4 class="subsection" id="The-glibcxx_002dassertions-test">4.2.13 The glibcxx-assertions test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Compiled C++ code might contain bugs that could have been detected and fixed
Next: <a href="Test-gnu-stack.html" accesskey="n" rel="next">The gnu-stack test</a>, Previous: <a href="Test-glibcxx-assertions.html" accesskey="p" rel="prev">The glibcxx-assertions test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-gnu_002drelro-test">4.2.13 The gnu-relro test</h4>
+<h4 class="subsection" id="The-gnu_002drelro-test">4.2.14 The gnu-relro test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could alter how an applications interacts with shared libraries
Next: <a href="Test-go-revision.html" accesskey="n" rel="next">The go-revision test</a>, Previous: <a href="Test-gnu-relro.html" accesskey="p" rel="prev">The gnu-relro test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-gnu_002dstack-test">4.2.14 The gnu-stack test</h4>
+<h4 class="subsection" id="The-gnu_002dstack-test">4.2.15 The gnu-stack test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could place code on the stack and then run it
Next: <a href="Test-implicit-values.html" accesskey="n" rel="next">The implicit values test</a>, Previous: <a href="Test-gnu-stack.html" accesskey="p" rel="prev">The gnu-stack test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-go_002drevision-test">4.2.15 The go-revision test</h4>
+<h4 class="subsection" id="The-go_002drevision-test">4.2.16 The go-revision test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Using old versions of the GO compiler looses out on security enhacements
Next: <a href="Test-instrumentation.html" accesskey="n" rel="next">The instrumentation test</a>, Previous: <a href="Test-go-revision.html" accesskey="p" rel="prev">The go-revision test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-implicit-values-test">4.2.16 The implicit values test</h4>
+<h4 class="subsection" id="The-implicit-values-test">4.2.17 The implicit values test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Binaries built with implicit types for functions and
Next: <a href="Test-lto.html" accesskey="n" rel="next">The lto test</a>, Previous: <a href="Test-implicit-values.html" accesskey="p" rel="prev">The implicit values test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-instrumentation-test">4.2.17 The instrumentation test</h4>
+<h4 class="subsection" id="The-instrumentation-test">4.2.18 The instrumentation test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Instrumented binaries are bigger and slower than regular binaries
Next: <a href="Test-not-branch-protection.html" accesskey="n" rel="next">The not-branch-protection test</a>, Previous: <a href="Test-instrumentation.html" accesskey="p" rel="prev">The instrumentation test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-lto-test">4.2.18 The lto test</h4>
+<h4 class="subsection" id="The-lto-test">4.2.19 The lto test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: When LTO is supported by the compiler, it should be used
Next: <a href="Test-not-dynamic-tags.html" accesskey="n" rel="next">The not-dynamic-tags test</a>, Previous: <a href="Test-lto.html" accesskey="p" rel="prev">The lto test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-not_002dbranch_002dprotection-test">4.2.19 The not-branch-protection test</h4>
+<h4 class="subsection" id="The-not_002dbranch_002dprotection-test">4.2.20 The not-branch-protection test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Protecting AArch64 binaries needs newer versions of AArch64 cores
Next: <a href="Test-notes.html" accesskey="n" rel="next">The notes test</a>, Previous: <a href="Test-not-branch-protection.html" accesskey="p" rel="prev">The not-branch-protection test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-not_002ddynamic_002dtags-test">4.2.20 The not-dynamic-tags test</h4>
+<h4 class="subsection" id="The-not_002ddynamic_002dtags-test">4.2.21 The not-dynamic-tags test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Protecting AArch64 binaries needs newer versions of AArch64 cores
Next: <a href="Test-only-go.html" accesskey="n" rel="next">The only-go test</a>, Previous: <a href="Test-not-dynamic-tags.html" accesskey="p" rel="prev">The not-dynamic-tags test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-notes-test">4.2.21 The notes test</h4>
+<h4 class="subsection" id="The-notes-test">4.2.22 The notes test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Lack of annobin notes in a binary means that other tests will not work properly
Next: <a href="Test-optimization.html" accesskey="n" rel="next">The optimization test</a>, Previous: <a href="Test-notes.html" accesskey="p" rel="prev">The notes test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-only_002dgo-test">4.2.22 The only-go test</h4>
+<h4 class="subsection" id="The-only_002dgo-test">4.2.23 The only-go test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Mixing GO and C is unsafe on x86 platforms
Next: <a href="Test-pic.html" accesskey="n" rel="next">The pic test</a>, Previous: <a href="Test-only-go.html" accesskey="p" rel="prev">The only-go test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-optimization-test">4.2.23 The optimization test</h4>
+<h4 class="subsection" id="The-optimization-test">4.2.24 The optimization test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Insufficient optimization prevents security features from working
Next: <a href="Test-pie.html" accesskey="n" rel="next">The pie test</a>, Previous: <a href="Test-optimization.html" accesskey="p" rel="prev">The optimization test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-pic-test">4.2.24 The pic test</h4>
+<h4 class="subsection" id="The-pic-test">4.2.25 The pic test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Static binaries are more vulnerable to attacks
Next: <a href="Test-production.html" accesskey="n" rel="next">The production test</a>, Previous: <a href="Test-pic.html" accesskey="p" rel="prev">The pic test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-pie-test">4.2.25 The pie test</h4>
+<h4 class="subsection" id="The-pie-test">4.2.26 The pie test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Static binaries are more vulnerable to attacks
Next: <a href="Test-property-note.html" accesskey="n" rel="next">The property-note test</a>, Previous: <a href="Test-pie.html" accesskey="p" rel="prev">The pie test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-production-test">4.2.26 The production test</h4>
+<h4 class="subsection" id="The-production-test">4.2.27 The production test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Shipping code generated by an experimental compiler is bad
Next: <a href="Test-run-path.html" accesskey="n" rel="next">The run-path test</a>, Previous: <a href="Test-production.html" accesskey="p" rel="prev">The production test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-property_002dnote-test">4.2.27 The property-note test</h4>
+<h4 class="subsection" id="The-property_002dnote-test">4.2.28 The property-note test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Badly formed or missing GNU property notes can compromise an application at runtime
Next: <a href="Test-rwx-seg.html" accesskey="n" rel="next">The rwx-seg test</a>, Previous: <a href="Test-property-note.html" accesskey="p" rel="prev">The property-note test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-run_002dpath-test">4.2.28 The run-path test</h4>
+<h4 class="subsection" id="The-run_002dpath-test">4.2.29 The run-path test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could cause an application to use a corrupted shared library
Next: <a href="Test-short-enums.html" accesskey="n" rel="next">The short-enums test</a>, Previous: <a href="Test-run-path.html" accesskey="p" rel="prev">The run-path test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-rwx_002dseg-test">4.2.29 The rwx-seg test</h4>
+<h4 class="subsection" id="The-rwx_002dseg-test">4.2.30 The rwx-seg test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could add their own code to an executable
Next: <a href="Test-stack-clash.html" accesskey="n" rel="next">The stack-clash test</a>, Previous: <a href="Test-rwx-seg.html" accesskey="p" rel="prev">The rwx-seg test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-short_002denums-test">4.2.30 The short-enums test</h4>
+<h4 class="subsection" id="The-short_002denums-test">4.2.31 The short-enums test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Compiler options can change the size of enums
Next: <a href="Test-stack-prot.html" accesskey="n" rel="next">The stack-prot test</a>, Previous: <a href="Test-short-enums.html" accesskey="p" rel="prev">The short-enums test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-stack_002dclash-test">4.2.31 The stack-clash test</h4>
+<h4 class="subsection" id="The-stack_002dclash-test">4.2.32 The stack-clash test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Attackers exploiting stack overrun bugs can gain control of an application
Next: <a href="Test-stack-realign.html" accesskey="n" rel="next">The stack-realign test</a>, Previous: <a href="Test-stack-clash.html" accesskey="p" rel="prev">The stack-clash test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-stack_002dprot-test">4.2.32 The stack-prot test</h4>
+<h4 class="subsection" id="The-stack_002dprot-test">4.2.33 The stack-prot test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Attackers exploiting stack overrun bugs can gain control of an application
Next: <a href="Test-textrel.html" accesskey="n" rel="next">The textrel test</a>, Previous: <a href="Test-stack-prot.html" accesskey="p" rel="prev">The stack-prot test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-stack_002drealign-test">4.2.33 The stack-realign test</h4>
+<h4 class="subsection" id="The-stack_002drealign-test">4.2.34 The stack-realign test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Legacy x86 code is incompatible with SSE instructions
Next: <a href="Test-threads.html" accesskey="n" rel="next">The threads test</a>, Previous: <a href="Test-stack-realign.html" accesskey="p" rel="prev">The stack-realign test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-textrel-test">4.2.34 The textrel test</h4>
+<h4 class="subsection" id="The-textrel-test">4.2.35 The textrel test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could change the code in an executable
Next: <a href="Test-unicode.html" accesskey="n" rel="next">The unicode test</a>, Previous: <a href="Test-textrel.html" accesskey="p" rel="prev">The textrel test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-threads-test">4.2.35 The threads test</h4>
+<h4 class="subsection" id="The-threads-test">4.2.36 The threads test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Programs that do not support exceptions are more vulnerable to attacks
Next: <a href="Test-warnings.html" accesskey="n" rel="next">The warnings test</a>, Previous: <a href="Test-threads.html" accesskey="p" rel="prev">The threads test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-unicode-test">4.2.36 The unicode test</h4>
+<h4 class="subsection" id="The-unicode-test">4.2.37 The unicode test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Symbols containing certain unicode characters can conceal their real name
Next: <a href="Test-writable-got.html" accesskey="n" rel="next">The writable-got test</a>, Previous: <a href="Test-unicode.html" accesskey="p" rel="prev">The unicode test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-warnings-test">4.2.37 The warnings test</h4>
+<h4 class="subsection" id="The-warnings-test">4.2.38 The warnings test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: Compiling without warnings enabled can result in poor code
Next: <a href="Test-zero-call-used-regs.html" accesskey="n" rel="next">The zero-call-used-regs test</a>, Previous: <a href="Test-warnings.html" accesskey="p" rel="prev">The warnings test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-writable_002dgot-test">4.2.38 The writable-got test</h4>
+<h4 class="subsection" id="The-writable_002dgot-test">4.2.39 The writable-got test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could intercept and redirect shared library function calls
Next: <a href="Hardened-Command-Line-Options.html" accesskey="n" rel="next">Command line options specific to the hardened tool</a>, Previous: <a href="Test-writable-got.html" accesskey="p" rel="prev">The writable-got test</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="The-zero_002dcall_002dused_002dregs-test">4.2.39 The zero-call-used-regs test</h4>
+<h4 class="subsection" id="The-zero_002dcall_002dused_002dregs-test">4.2.40 The zero-call-used-regs test</h4>
<div class="example smallexample">
<pre class="example-preformatted"> Problem: An attacker could extract information or use ROP style attacks if call used registers are not initialised
languages are not affected.
</p>
</dd>
+<dt><code class="code">bits 26 - 28</code></dt>
+<dd><p>These bits record the settings of gcc’s flexible array strengthening.
+Bit 26 is set only if the feature is supported by the compiler. If
+bit 26 is not set then bits 27 to 28 should be ignored. Bit 27 is set
+if the <samp class="option">-Wstrict-flex-arrays</samp> warnings is enabled. Bit 28 is
+set if the <samp class="option">-fstrict-flex-arrays</samp> option has been set to a
+value greater than zero.
+</p></dd>
</dl>
<p>The other bits are not currently used and should be set to zero so
Next: <a href="Absence-of-compiled-code.html" accesskey="n" rel="next">What to do if annocheck reports that it could not find compiled code.</a>, Previous: <a href="Hardened-Command-Line-Options.html" accesskey="p" rel="prev">Command line options specific to the hardened tool</a>, Up: <a href="Hardened.html" accesskey="u" rel="up">The Hardened security checker.</a> [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>]</p>
</div>
<hr>
-<h4 class="subsection" id="How-to-waive-the-results-of-the-hardening-tests">4.2.41 How to waive the results of the hardening tests</h4>
+<h4 class="subsection" id="How-to-waive-the-results-of-the-hardening-tests">4.2.42 How to waive the results of the hardening tests</h4>
<p>[This section is Red Hat specific.]
</p>
<li><a id="toc-The-entry-test" href="Test-entry.html">4.2.7 The entry test</a></li>
<li><a id="toc-The-_002dOfast-test" href="Test-fast.html">4.2.8 The -Ofast test</a></li>
<li><a id="toc-The-FIPS-test" href="Test-fips.html">4.2.9 The FIPS test</a></li>
- <li><a id="toc-The-fortify-test" href="Test-fortify.html">4.2.10 The fortify test</a></li>
- <li><a id="toc-The-gaps-test" href="Test-gaps.html">4.2.11 The gaps test</a></li>
- <li><a id="toc-The-glibcxx_002dassertions-test" href="Test-glibcxx-assertions.html">4.2.12 The glibcxx-assertions test</a></li>
- <li><a id="toc-The-gnu_002drelro-test" href="Test-gnu-relro.html">4.2.13 The gnu-relro test</a></li>
- <li><a id="toc-The-gnu_002dstack-test" href="Test-gnu-stack.html">4.2.14 The gnu-stack test</a></li>
- <li><a id="toc-The-go_002drevision-test" href="Test-go-revision.html">4.2.15 The go-revision test</a></li>
- <li><a id="toc-The-implicit-values-test" href="Test-implicit-values.html">4.2.16 The implicit values test</a></li>
- <li><a id="toc-The-instrumentation-test" href="Test-instrumentation.html">4.2.17 The instrumentation test</a></li>
- <li><a id="toc-The-lto-test" href="Test-lto.html">4.2.18 The lto test</a></li>
- <li><a id="toc-The-not_002dbranch_002dprotection-test" href="Test-not-branch-protection.html">4.2.19 The not-branch-protection test</a></li>
- <li><a id="toc-The-not_002ddynamic_002dtags-test" href="Test-not-dynamic-tags.html">4.2.20 The not-dynamic-tags test</a></li>
- <li><a id="toc-The-notes-test" href="Test-notes.html">4.2.21 The notes test</a></li>
- <li><a id="toc-The-only_002dgo-test" href="Test-only-go.html">4.2.22 The only-go test</a></li>
- <li><a id="toc-The-optimization-test" href="Test-optimization.html">4.2.23 The optimization test</a></li>
- <li><a id="toc-The-pic-test" href="Test-pic.html">4.2.24 The pic test</a></li>
- <li><a id="toc-The-pie-test" href="Test-pie.html">4.2.25 The pie test</a></li>
- <li><a id="toc-The-production-test" href="Test-production.html">4.2.26 The production test</a></li>
- <li><a id="toc-The-property_002dnote-test" href="Test-property-note.html">4.2.27 The property-note test</a></li>
- <li><a id="toc-The-run_002dpath-test" href="Test-run-path.html">4.2.28 The run-path test</a></li>
- <li><a id="toc-The-rwx_002dseg-test" href="Test-rwx-seg.html">4.2.29 The rwx-seg test</a></li>
- <li><a id="toc-The-short_002denums-test" href="Test-short-enums.html">4.2.30 The short-enums test</a></li>
- <li><a id="toc-The-stack_002dclash-test" href="Test-stack-clash.html">4.2.31 The stack-clash test</a></li>
- <li><a id="toc-The-stack_002dprot-test" href="Test-stack-prot.html">4.2.32 The stack-prot test</a></li>
- <li><a id="toc-The-stack_002drealign-test" href="Test-stack-realign.html">4.2.33 The stack-realign test</a></li>
- <li><a id="toc-The-textrel-test" href="Test-textrel.html">4.2.34 The textrel test</a></li>
- <li><a id="toc-The-threads-test" href="Test-threads.html">4.2.35 The threads test</a></li>
- <li><a id="toc-The-unicode-test" href="Test-unicode.html">4.2.36 The unicode test</a></li>
- <li><a id="toc-The-warnings-test" href="Test-warnings.html">4.2.37 The warnings test</a></li>
- <li><a id="toc-The-writable_002dgot-test" href="Test-writable-got.html">4.2.38 The writable-got test</a></li>
- <li><a id="toc-The-zero_002dcall_002dused_002dregs-test" href="Test-zero-call-used-regs.html">4.2.39 The zero-call-used-regs test</a></li>
- <li><a id="toc-Command-line-options-specific-to-the-hardened-tool" href="Hardened-Command-Line-Options.html">4.2.40 Command line options specific to the hardened tool</a></li>
- <li><a id="toc-How-to-waive-the-results-of-the-hardening-tests" href="Waiving-Hardened-Results.html">4.2.41 How to waive the results of the hardening tests</a></li>
- <li><a id="toc-What-to-do-if-annocheck-reports-that-it-could-not-find-compiled-code_002e" href="Absence-of-compiled-code.html">4.2.42 What to do if annocheck reports that it could not find compiled code.</a></li>
+ <li><a id="toc-The-flex-arrays-test" href="Test-flex-arrays.html">4.2.10 The flex arrays test</a></li>
+ <li><a id="toc-The-fortify-test" href="Test-fortify.html">4.2.11 The fortify test</a></li>
+ <li><a id="toc-The-gaps-test" href="Test-gaps.html">4.2.12 The gaps test</a></li>
+ <li><a id="toc-The-glibcxx_002dassertions-test" href="Test-glibcxx-assertions.html">4.2.13 The glibcxx-assertions test</a></li>
+ <li><a id="toc-The-gnu_002drelro-test" href="Test-gnu-relro.html">4.2.14 The gnu-relro test</a></li>
+ <li><a id="toc-The-gnu_002dstack-test" href="Test-gnu-stack.html">4.2.15 The gnu-stack test</a></li>
+ <li><a id="toc-The-go_002drevision-test" href="Test-go-revision.html">4.2.16 The go-revision test</a></li>
+ <li><a id="toc-The-implicit-values-test" href="Test-implicit-values.html">4.2.17 The implicit values test</a></li>
+ <li><a id="toc-The-instrumentation-test" href="Test-instrumentation.html">4.2.18 The instrumentation test</a></li>
+ <li><a id="toc-The-lto-test" href="Test-lto.html">4.2.19 The lto test</a></li>
+ <li><a id="toc-The-not_002dbranch_002dprotection-test" href="Test-not-branch-protection.html">4.2.20 The not-branch-protection test</a></li>
+ <li><a id="toc-The-not_002ddynamic_002dtags-test" href="Test-not-dynamic-tags.html">4.2.21 The not-dynamic-tags test</a></li>
+ <li><a id="toc-The-notes-test" href="Test-notes.html">4.2.22 The notes test</a></li>
+ <li><a id="toc-The-only_002dgo-test" href="Test-only-go.html">4.2.23 The only-go test</a></li>
+ <li><a id="toc-The-optimization-test" href="Test-optimization.html">4.2.24 The optimization test</a></li>
+ <li><a id="toc-The-pic-test" href="Test-pic.html">4.2.25 The pic test</a></li>
+ <li><a id="toc-The-pie-test" href="Test-pie.html">4.2.26 The pie test</a></li>
+ <li><a id="toc-The-production-test" href="Test-production.html">4.2.27 The production test</a></li>
+ <li><a id="toc-The-property_002dnote-test" href="Test-property-note.html">4.2.28 The property-note test</a></li>
+ <li><a id="toc-The-run_002dpath-test" href="Test-run-path.html">4.2.29 The run-path test</a></li>
+ <li><a id="toc-The-rwx_002dseg-test" href="Test-rwx-seg.html">4.2.30 The rwx-seg test</a></li>
+ <li><a id="toc-The-short_002denums-test" href="Test-short-enums.html">4.2.31 The short-enums test</a></li>
+ <li><a id="toc-The-stack_002dclash-test" href="Test-stack-clash.html">4.2.32 The stack-clash test</a></li>
+ <li><a id="toc-The-stack_002dprot-test" href="Test-stack-prot.html">4.2.33 The stack-prot test</a></li>
+ <li><a id="toc-The-stack_002drealign-test" href="Test-stack-realign.html">4.2.34 The stack-realign test</a></li>
+ <li><a id="toc-The-textrel-test" href="Test-textrel.html">4.2.35 The textrel test</a></li>
+ <li><a id="toc-The-threads-test" href="Test-threads.html">4.2.36 The threads test</a></li>
+ <li><a id="toc-The-unicode-test" href="Test-unicode.html">4.2.37 The unicode test</a></li>
+ <li><a id="toc-The-warnings-test" href="Test-warnings.html">4.2.38 The warnings test</a></li>
+ <li><a id="toc-The-writable_002dgot-test" href="Test-writable-got.html">4.2.39 The writable-got test</a></li>
+ <li><a id="toc-The-zero_002dcall_002dused_002dregs-test" href="Test-zero-call-used-regs.html">4.2.40 The zero-call-used-regs test</a></li>
+ <li><a id="toc-Command-line-options-specific-to-the-hardened-tool" href="Hardened-Command-Line-Options.html">4.2.41 Command line options specific to the hardened tool</a></li>
+ <li><a id="toc-How-to-waive-the-results-of-the-hardening-tests" href="Waiving-Hardened-Results.html">4.2.42 How to waive the results of the hardening tests</a></li>
+ <li><a id="toc-What-to-do-if-annocheck-reports-that-it-could-not-find-compiled-code_002e" href="Absence-of-compiled-code.html">4.2.43 What to do if annocheck reports that it could not find compiled code.</a></li>
</ul></li>
<li><a id="toc-The-annobin-note-displayer" href="Notes.html">4.3 The annobin note displayer</a></li>
<li><a id="toc-The-section-size-recorder" href="Size.html">4.4 The section size recorder</a></li>
git://sourceware.org / annobin-htdocs.git / commitdiff