autoconf-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] AC_COMPILE_IFELSE: Evaluate user supplied arguments


From: Eric Blake
Subject: Re: [PATCH] AC_COMPILE_IFELSE: Evaluate user supplied arguments
Date: Thu, 7 Mar 2019 13:33:47 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1

On 3/7/19 11:33 AM, Nikolai Merinov wrote:
> In the following call sequence
>> ./configure CPPFLAGS='-DVARIABLE=\"string\"' && make
> compilation with the `AC_COMPILE_IFELSE' macro and with the `make'
> command should use same compilation commands. It means that the
> `AC_COMPILE_IFELSE' macro should evaluate the `ac_compile` variable
> twice in order to evaluate user-supplied variables.

eval'ing user-supplied text can be dangerous, as the user can supply
arbitrary shell code if their text is not carefully sanitized.

I'm not quite sure what you are trying to accomplish: Given a command
line (or environment variable, since CPPFLAGS is precious), are you
trying to have user input of:

CPPFLAGS='-DVARIABLE=\"string\"'

result in the Makefile using:

CPPFLAGS = -DVARIABLE="string"

(which would compile as if written:
#define VARIABLE string
because make expands $(CPPFLAGS) before invoking sh that eats the ") or in:

CPPFLAGS = -DVARIABLE=\"string\"

(which would compile as if written:
#define VARIABLE "string"
because sh eats the \ but leaves the ")

At which point, are you arguing that if make is going to pass through
another shell and eat a layer of quotation, then configure should do
likewise for any use of those same variables?

> +++ b/tests/compile.at
> @@ -301,6 +301,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [return 2])],
>  AT_CHECK_AUTOCONF
>  AT_CHECK_CONFIGURE([-q])
>  
> +AT_DATA([configure.ac],
> +[[AC_INIT
> +AC_PROG_CC
> +test x$GCC = xyes && CFLAGS='"-Wall"'

Okay, this helps - it looks like you are indeed arguing that the
Makefile will end up with:

CFLAGS = "-Wall"

but those quotes get eaten by shell; so our use of ${CFLAGS} during
configure should use the same level of quotation stripping as what the
resulting makefile will.

Your patch could use a NEWS entry for the change.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]