my @result = ();
foreach my $flag (@flags) {
# Compile flag regexp for faster execution.
- my $regex = qr/\s$flag(?:\s|\\)/;
+ my $regex = qr/\s(['"]?)$flag\1(?:\s|\\)/;
# Store flag name in replacement string for correct flags in messages
# with qr//ed flag regexps.
$complete_line = undef;
}
+ my $noenv = $line;
+ # Strip (basic) environment variables for compiler detection. This
+ # prevents false positives when environment variables contain
+ # compiler binaries. Nested quotes, command substitution, etc. is
+ # not supported.
+ $noenv =~ s/^
+ \s*
+ (?:
+ [a-zA-Z_]+ # environment variable name
+ =
+ (?:
+ [^\s"'\$`\\]+ # non-quoted string
+ |
+ '[^"'\$`\\]*' # single-quoted string
+ |
+ "[^"'\$`\\]*" # double-quoted string
+ )
+ \s+
+ )*
+ //x;
# Ignore lines with no compiler commands.
next if not $non_verbose
- and not $line =~ /$cc_regex_normal/o;
+ and not $noenv =~ /$cc_regex_normal/o;
# Ignore lines with no filenames with extensions. May miss some
# non-verbose builds (e.g. "gcc -o test" [sic!]), but shouldn't be
# a problem as the log will most likely contain other non-verbose
next if $line =~ /^C\+\+ linker for the host machine: /;
# Embedded `gcc -print-*` commands
next if $line =~ /`$cc_regex_normal\s*[^`]*-print-\S+`/;
+ # cmake checking for compiler flags without setting CPPFLAGS
+ next if $line =~ m{^\s*/usr/(bin|lib)/(ccache/)?c\+\+ -dM -E -c /usr/share/cmake-\S+/Modules/CMakeCXXCompilerABI\.cpp};
# Check if additional hardening options were used. Used to ensure
# they are used for the complete build.