[Bug 2108968] Re: Enable -fzero-init-padding-bits=all, -Wbidi-chars=any

Julian Andres Klode 2108968 at bugs.launchpad.net
Thu Jul 3 09:42:00 UTC 2025 

** Tags removed: rls-pp-incoming
** Tags added: rls-qq-incoming

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dpkg in Ubuntu.
https://bugs.launchpad.net/bugs/2108968

Title:
  Enable -fzero-init-padding-bits=all, -Wbidi-chars=any

Status in dpkg package in Ubuntu:
  Confirmed
Status in gcc-15 package in Ubuntu:
  Triaged

Bug description:
  Hello, please consider this *untested* debdiff that I hope would
  enable -fzero-init-padding-bits=all and -Wbidi-chars=any in the
  Ubuntu-specific GCC specs.

  The first option, -fzero-init-padding-bits=all, is asking the compiler
  to zero out bits in unions and structs. GCC 15 moved to a more
  standards-compliant implementation
  https://gcc.gnu.org/gcc-15/changes.html -- we could bring back the GCC
  14 behavior with -fzero-init-padding-bits=unions but the option of
  zeroing even the unused padding bits is available to us now, I believe
  we should use it. https://gcc.gnu.org/onlinedocs/gcc/Code-Gen-
  Options.html#index-fzero-init-padding-bits_003dvalue

  The second option, -Wbidi-chars=any, brings no runtime security
  benefits. Instead, it will log instances of potentially malicious use
  of Unicode bidirectional characters that can mask malicious code from
  human inspection. I hope some day we could scrape the logs to discover
  abuse. https://best.openssf.org/Compiler-Hardening-Guides/Compiler-
  Options-Hardening-Guide-for-C-and-C++#enable-warnings-for-possibly-
  misleading-unicode-bidirectional-control-characters
  https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wbidi-
  chars_003d

  I tried to introduce -fhardened (
  https://bugs.launchpad.net/ubuntu/+source/gcc-14/+bug/2080267 ,
  https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-
  Hardening-Guide-for-C-and-C++#enable-pre-determined-set-of-hardening-
  options-in-gcc ) but ran into significant problems. We should have a
  conversation about it. I was really hoping -fhardened could address
  https://bugs.launchpad.net/ubuntu/+source/gcc-14/+bug/2078989 -- and I
  think it would -- but the -Whardened warning messages (
  https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-
  Hardening-Guide-for-C-and-C++#additional-considerations-6 ) are
  obnoxious enough that we can't possibly ship the implementation that I
  came up with.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/2108968/+subscriptions

More information about the foundations-bugs mailing list