[clang] [Docs] Mention security of libclang (PR #149357)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 17 09:54:07 PDT 2025
llvmbot wrote:
@llvm/pr-subscribers-clang
Author: Aaron Ballman (AaronBallman)
<details>
<summary>Changes</summary>
Libclang is a wrapper around the Clang frontend, and frontends are not security-sensitive components of the LLVM project. However, libclang is often embedded in people's downstream tools, so it's best to mention that explicitly.
---
Full diff: https://github.com/llvm/llvm-project/pull/149357.diff
1 Files Affected:
- (modified) clang/docs/LibClang.rst (+6)
``````````diff
diff --git a/clang/docs/LibClang.rst b/clang/docs/LibClang.rst
index 6c2b11ac7fc23..e747022b9c173 100644
--- a/clang/docs/LibClang.rst
+++ b/clang/docs/LibClang.rst
@@ -404,3 +404,9 @@ following situations are explicitly unsupported:
compatible across library versions.
* For the same reason as above, serializing objects from one version of the
library and deserializing with a different version is also not supported.
+
+Note: because libclang is a wrapper around the compiler frontend, it is not a
+`security-sensitive component`_ of the LLVM Project. Consider using a sandbox
+or some other mitigation approach if processing untrusted input.
+
+.. _security-sensitive component: https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
``````````
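Review bot: The added "Note:" paragraph is written as ordinary body text, so it renders as a plain paragraph directly under the bulleted list of unsupported situations and is easy to read past; consider the reST `.. note::` directive so it stands out from that list. The sentence also says libclang "is not a `security-sensitive component`_" but leaves what that means for an embedder entirely to the linked page; a short clause stating the practical consequence would let a reader act on the note without following the link. "Untrusted input" could likewise be tied to what a downstream tool actually hands to libclang, including the serialized objects that the context bullet just above mentions.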
</details>
https://github.com/llvm/llvm-project/pull/149357