[clang] 163da87 - [Docs] Mention security of libclang (#149357)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 17 10:34:55 PDT 2025
Author: Aaron Ballman
Date: 2025-07-17T13:34:52-04:00
New Revision: 163da8796bed51f82d7c07d0ac6db6de7879bd21
URL: https://github.com/llvm/llvm-project/commit/163da8796bed51f82d7c07d0ac6db6de7879bd21
DIFF: https://github.com/llvm/llvm-project/commit/163da8796bed51f82d7c07d0ac6db6de7879bd21.diff
LOG: [Docs] Mention security of libclang (#149357)
Libclang is a wrapper around the Clang frontend, and frontends are not
security-sensitive components of the LLVM project. However, libclang is
often embedded in people's downstream tools, so it's best to mention
that explicitly.
Added:
Modified:
clang/docs/LibClang.rst
Removed:
################################################################################
diff --git a/clang/docs/LibClang.rst b/clang/docs/LibClang.rst
index 6c2b11ac7fc23..e747022b9c173 100644
--- a/clang/docs/LibClang.rst
+++ b/clang/docs/LibClang.rst
@@ -404,3 +404,9 @@ following situations are explicitly unsupported:
compatible across library versions.
* For the same reason as above, serializing objects from one version of the
library and deserializing with a
diff erent version is also not supported.
+
+Note: because libclang is a wrapper around the compiler frontend, it is not a
+`security-sensitive component`_ of the LLVM Project. Consider using a sandbox
+or some other mitigation approach if processing untrusted input.
+
+.. _security-sensitive component: https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
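Review bot: the added "Note:" paragraph at the end of the hunk is plain text appended after the bullet list of unsupported situations, so a reader skimming that list can miss it. Consider a `.. note::` or `.. warning::` directive, or a short heading of its own, so the security statement stands out. "Untrusted input" is also left undefined: stating whether it means source files only or also the serialized objects mentioned in the list item just above would tell embedders what they need to sandbox. The link target is an absolute URL with a fragment (`Security.html#what-is-considered-a-security-issue`), which stops pointing at the right section if that heading is renamed; a cross-reference to the Security document, if one is available from the Clang docs, would be more robust.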