Fix false positive in "gcc > file"

diff --git a/NEWS b/NEWS
index 8f6731cbc8e7f5e4bef2931e4ad43357ae5c319d..2f964cb564ae362da3e1d8043e412424b1462932 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ Version 0.XX
 ------------
 
 - Sync architecture specific hardening support with dpkg 1.18.10.
+- Fix false positive in "gcc > file" (Debian Bug #828789), reported by Mathieu
+  Parent.
 
 
 Version 0.06

diff --git a/bin/blhc b/bin/blhc
index 838f3c35a777c0f03aad99b6975970b7d0ccc77f..c4e814c0cae8275355fdea6ca996170982c9a90f 100755 (executable)
--- a/bin/blhc
+++ b/bin/blhc
@@ -972,6 +972,8 @@ foreach my $file (@ARGV) {
             # look like a compiler executable thus causing the line to be
             # treated as a normal compiler line.
             next if $line =~ m{^\s*rm\s+};
+            # Some build systems emit "gcc > file".
+            next if $line =~ m{$cc_regex_normal\s*>\s*\S+};
 
             # Check if additional hardening options were used. Used to ensure
             # they are used for the complete build.

diff --git a/t/logs/false-positives b/t/logs/false-positives
index c7487f7763e1c96bfc6364b4be94f8dadd8106a1..0a6099d914b5351ffc20bbbc55267877784de60a 100644 (file)
--- a/t/logs/false-positives
+++ b/t/logs/false-positives
@@ -11,6 +11,8 @@ rm -f afl-gcc afl-as afl-fuzz afl-showmap as afl-g++ afl-clang afl-clang++ *.o *
 # "Missing" flags in comments should be ignored.
 # gcc -E tag_tree.list does not work, so use a .c name
 
+19:49:25 runner  ../source3/script/build_env.sh /build/samba-4.4.4+dfsg/source3 /build/samba-4.4.4+dfsg/source3 /usr/bin/gcc > default/source3/include/build_env.h
+
 # gcc -v can cause false positives.
 cd GUI && qmake
 /usr/bin/make -C GUI