diff options
| author | Julian Andres Klode <jak@debian.org> | 2017-08-24 16:50:12 +0200 |
|---|---|---|
| committer | Julian Andres Klode <jak@debian.org> | 2017-08-24 16:56:48 +0200 |
| commit | 03590fb98226bfdf3147eb78effc3fa7987709bb (patch) | |
| tree | c8b0650b24d6086f6bbc656caf2876c0ed3b6632 | |
| parent | d64ef1c36b2885f1f178f5438c1a4f67f8bdee88 (diff) | |
Redefine APT_CONST to mean APT_PURE
Functions marked with the const attribute may not inspect
any global memory. This includes targets of pointers or
references passed as arguments. A pure function however
is free to inspect memory, but may not have any side
effects.
The function StringSplit() was marked as const, but took
two references to strings. When the second one was passed
as a literal as in StringSplit(name, "::") the compiler
cleverly figured out that we only inspect the address of
"::" (since StringSplit is const) and thus optimized away
the "::" content.
While patching out individual broken uses of APT_CONST
would be possible, this is already the second case, and
there might be more, so let's redefine APT_CONST to use
the pure attribute, so we don't end up with the same
situation again in some time.
| -rw-r--r-- | apt-pkg/contrib/macros.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/apt-pkg/contrib/macros.h b/apt-pkg/contrib/macros.h index 5e22a195d..abf99f7a2 100644 --- a/apt-pkg/contrib/macros.h +++ b/apt-pkg/contrib/macros.h @@ -73,7 +73,8 @@ #if APT_GCC_VERSION >= 0x0300 #define APT_DEPRECATED __attribute__ ((deprecated)) #define APT_DEPRECATED_MSG(X) __attribute__ ((deprecated(X))) - #define APT_CONST __attribute__((const)) + // __attribute__((const)) is too dangerous for us, we end up using it wrongly + #define APT_CONST __attribute__((pure)) #define APT_PURE __attribute__((pure)) #define APT_NORETURN __attribute__((noreturn)) #define APT_PRINTF(n) __attribute__((format(printf, n, n + 1))) |