[gdal-dev] Memory safe GDAL experiment using Fil-C
Even Rouault
even.rouault at spatialys.com
Wed Dec 11 16:37:54 PST 2024
Hi,

I've discovered the Fil-C project, hosted at
https://github.com/pizlonator/llvm-project-deluge, which offers a
modified clang toolchain and instrumented libc that brings memory safety
to the C/C++ ecosystem with few changes in source code and build
scripts. I've given it a try and that seems promising. With a few small
patches here and there to remove some iffy / unusual uses of C in PROJ
and GDAL that Fil-C doesn't understand well yet, or adapt build scripts
of libzstd (although it seems broken at runtime) and libtiff, I've
managed to get a GDAL build functional enough to read & write GeoTIFF
and GeoPackage, and presumably more. Obviously there's a price to pay,
and I did notice the x2 to x4 runtime slowdown mentioned by the project.
But that could still be of interest for the most security-minded people
who haven't yet had the time to rewrite the whole stack in Rust :-)

How to build such a hardened GDAL? Rough procedure (which is probably
slightly broken since I didn't repeat it from scratch):

    git clone https://github.com/rouault/llvm-project-deluge --branch gdal
    cd llvm-project-deluge
    docker run --rm -it -v "$PWD":/work ubuntu:24.04
    cd /work
    ./build_gdal_all.sh # and wait for a few hours

You should get your binaries in /work/pizfix/bin

Even
--
http://www.spatialys.com
My software is free, but my time generally not.
Butcher of all kinds of standards, open or closed formats. At the end, this is just about bytes.