X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=bin%2Fblhc;h=7b228ec13acc2eaa44ca83ad1ce98aede4744265;hb=76345db813476d45ab2cd8cce0c728314a24bfa9;hp=f1580217aaf64f94c482c63d9339cb84d10afed6;hpb=6983b7ad21bf01caa6730986502bd17f556da02e;p=blhc%2Fblhc.git

diff --git a/bin/blhc b/bin/blhc
index f158021..7b228ec 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -31,9 +31,16 @@ our $VERSION = '0.01';
 # CONSTANTS/VARIABLES
 
 # Regex to catch compiler commands.
-my $cc_regex = qr/(?:[a-z0-9_]+-(?:linux-|kfreebsd-)?gnu(?:eabi|eabihf)?-)?
-                  (?<!\.)(?:cc|gcc|g\+\+|c\+\+)
-                  (?:-[\d.]+)?/x;
+my $cc_regex = qr/
+    (?<!\.)(?:cc|gcc|g\+\+|c\+\+)
+    (?:-[\d.]+)?
+    /x;
+# Full regex which matches the complete compiler name. Used in a few places to
+# prevent false negatives.
+my $cc_regex_full = qr/
+    (?:[a-z0-9_]+-(?:linux-|kfreebsd-)?gnu(?:eabi|eabihf)?-)?
+    $cc_regex
+    /x;
 # Regex to catch (GCC) compiler warnings.
 my $warning_regex = qr/^(.+?):([0-9]+):[0-9]+: warning: (.+?) \[(.+?)\]$/;
 
@@ -404,12 +411,6 @@ FILE: foreach my $file (@ARGV) {
     my $harden_bindnow = $option_bindnow; # defaults to 0
     my $harden_pie     = $option_pie;     # defaults to 0
 
-    # Input lines, contain only the lines with compiler commands.
-    my @input = ();
-
-    my $start = 0;
-    my $continuation = 0;
-    my $complete_line = undef;
     while (my $line = <$fh>) {
         # dpkg-buildflags only provides hardening flags since 1.16.1, don't
         # check for hardening flags in buildd mode if an older dpkg-dev is
@@ -417,8 +418,7 @@ FILE: foreach my $file (@ARGV) {
         #
         # Packages which were built before 1.16.1 but used their own hardening
         # flags are not checked.
-        if ($option_buildd and not $start
-                and $line =~ /^Toolchain package versions: /) {
+        if ($option_buildd and $line =~ /^Toolchain package versions: /) {
             require Dpkg::Version;
             if ($line !~ /dpkg-dev_(\S+)/
                     or Dpkg::Version::version_compare($1, '1.16.1') < 0) {
@@ -433,7 +433,7 @@ FILE: foreach my $file (@ARGV) {
 
         # If hardening wrapper is used (wraps calls to gcc and adds hardening
         # flags automatically) we can't perform any checks, abort.
-        if (not $start and $line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
+        if ($line =~ /^Build-Depends: .*\bhardening-wrapper\b/) {
             error_hardening_wrapper();
             $exit |= 1 << 4;
             next FILE;
@@ -441,8 +441,15 @@ FILE: foreach my $file (@ARGV) {
 
         # We skip over unimportant lines at the beginning of the log to
         # prevent false positives.
-        $start = 1 if $line =~ /^dpkg-buildpackage:/;
-        next if not $start;
+        last if $line =~ /^dpkg-buildpackage:/;
+    }
+
+    # Input lines, contain only the lines with compiler commands.
+    my @input = ();
+
+    my $continuation = 0;
+    my $complete_line = undef;
+    while (my $line = <$fh>) {
         # And stop at the end of the build log. Package details (reported by
         # the buildd logs) are not important for us. This also prevents false
         # positives.
@@ -518,10 +525,10 @@ FILE: foreach my $file (@ARGV) {
                         and $line =~ /^(?:checking|(?:C|c)onfigure:) /;
                 next if $line =~ /^\s*(?:Host\s+)?(?:C\s+)?
                                    (?:C|c)ompiler[\s.]*:?\s+
-                                   $cc_regex
+                                   $cc_regex_full
                                    (?:\s-std=[a-z0-9:+]+)?\s*$
                                  /xo
-                        or $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex\s*$/o
+                        or $line =~ /^\s*(?:- )?(?:HOST_)?(?:CC|CXX)\s*=\s*$cc_regex_full\s*$/o
                         or $line =~ /^\s*-- Check for working (?:C|CXX) compiler: /
                         or $line =~ /^\s*(?:echo )?Using [A-Z_]+\s*=\s*/;
                 # `make` output.