1. 1
  1. 2

    Ugh. I remember seeing checks generated from autoconf depending on this behaviour 15 years ago and hated it then (and had to fix a load of other things where autoconf scripts depended on UB that clang rejected). The fact that it’s still generating them today is another reason why I’m glad that I’ve managed to avoid autoconf almost entirely for the last decade.

    For anyone who doesn’t want to read the detail, there are two terrible features in C89 that should never be used (well, more than that, but two under discussion here):

    • If a function does not declare a return type, it is implicitly int.
    • If the callee in a call expression is an undefined symbols then it is implicitly declared as int symbol(). The empty brackets in C2x mean void but prior to that mean a K&R C function that can declare formal parameters in its body but where the caller will not do any type checking and will pass them all using the variadic calling convention.

    Any code that uses these is almost certainly doing so accidentally and is almost always a sign of a bug (every time I’ve seen them in real-world code, it’s been fixing a bug that their accidental use introduced).

    Clang 15 made these things errors by default. This is fine in most cases but, unfortunately, GNU autoconf remains a complete disaster and emits code that uses them in compile-test compilation units to check the existence of various things. These then fail with an error when compiled with clang and so the configure scripts all fail because they try to detect a thing and fail.

    1. 1

      I am not sure if autoconf actually emits those. It could very well be the case, but the cases I’ve seen where Clang 15.0.0 caused trouble where user generated code snippets. Those snippets are fed to autoconf (or any other build system, like meson) to see if the compiler is able to compile the snippet or if the system is able to execute the resulting binary. Typically the snippet would contain some feature or include statement to check if it is available on the target. Since they are snippets and programmers being lazy, the often would contain implicit function declarations, because, you know, they are faster to write.

      1. 1

        Several of the ones that I found and fixed previously were generated from the standard autoconf macros that check for the presence of a function. That was around the time that clang came out, so autoconf might have been improved since then.

    2. 1
      1. 1

        Oh, fun.

        Does anyone know what the security issue that they mention is?