もっと詳しく

David Malcolm describes
some GCC improvements
to defend against bidirectional-text attacks in
source code.

My colleague Marek Polacek and I implemented a new warning for GCC
12, -Wbidi-chars, for detecting Trojan Source attacks involving
Unicode control characters. Marek implemented the guts of the
warning, but when I tried it out on the examples provided by the
Trojan Source researchers, I found I had trouble understanding the
initial results—precisely because of the obfuscation itself.

So for GCC 12, I’ve added a new flag to GCC diagnostics, indicating
that the diagnostic itself relates to source code encoding. When
any such diagnostic is printed, GCC will now escape non-ASCII
characters in the source code.