build: Add new gcc error flags

These flags check for code that we don't want to write, so turn them
into error flags.

Variable length arrays should be replaced by malloc() - or explicit
alloca() calls if you know what you're doing.

Implicit fallthrough should be replaced by explicit fallthrough with the
usage of G_GNU_FALLTHROUGH.

This work inspired by Kees Cook's LCA2019 talk:
https://www.youtube.com/watch?v=FY9SbqTO5GQ
http://outflux.net/slides/2019/lca/danger.pdf

diff --git a/meson.build b/meson.build
index 9ef548391257253118c7c3edf9875120fd3e831c..2060fea5a1af94874878f3b7d7aa29b2b3ba76fa 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -252,6 +252,7 @@ elif cc.get_id() == 'gcc' or cc.get_id() == 'clang'
     '-Werror=array-bounds',
     '-Werror=empty-body',
     '-Werror=implicit',
+    '-Werror=implicit-fallthrough',
     '-Werror=init-self',
     '-Werror=int-to-pointer-cast',
     '-Werror=main',
@@ -264,6 +265,7 @@ elif cc.get_id() == 'gcc' or cc.get_id() == 'clang'
     '-Werror=return-type',
     '-Werror=sequence-point',
     '-Werror=trigraphs',
+    '-Werror=vla',
     '-Werror=write-strings',
   ]
 else