@AaronBallman
Collaborator

Libclang is a wrapper around the Clang frontend, and frontends are not security-sensitive components of the LLVM project. However, libclang is often embedded in people's downstream tools, so it's best to mention that explicitly.

@AaronBallman AaronBallman requested a review from kbeyls July 17, 2025 16:53
@llvmbot llvmbot added the clang Clang issues not falling into any other category label Jul 17, 2025
@llvmbot
Member

llvmbot commented Jul 17, 2025

@llvm/pr-subscribers-clang

Author: Aaron Ballman (AaronBallman)

Changes

Libclang is a wrapper around the Clang frontend, and frontends are not security-sensitive components of the LLVM project. However, libclang is often embedded in people's downstream tools, so it's best to mention that explicitly.


Full diff: https://github.com/llvm/llvm-project/pull/149357.diff

1 Files Affected:

  • (modified) clang/docs/LibClang.rst (+6)
diff --git a/clang/docs/LibClang.rst b/clang/docs/LibClang.rst
index 6c2b11ac7fc23..e747022b9c173 100644
--- a/clang/docs/LibClang.rst
+++ b/clang/docs/LibClang.rst
@@ -404,3 +404,9 @@ following situations are explicitly unsupported:
   compatible across library versions.
 * For the same reason as above, serializing objects from one version of the
   library and deserializing with a different version is also not supported.
+
+Note: because libclang is a wrapper around the compiler frontend, it is not a
+`security-sensitive component`_ of the LLVM Project. Consider using a sandbox
+or some other mitigation approach if processing untrusted input.
+
+.. _security-sensitive component: https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
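
Review bot: The added "Note:" paragraph at the end of this hunk lands directly under the bullet list of "explicitly unsupported" version-compatibility situations, so the security caveat can read as one more stability item and is easy to miss. Consider giving it its own heading or using a `.. note::` admonition instead of the inline "Note:" prefix. The sentence "Consider using a sandbox or some other mitigation approach if processing untrusted input" would also be more actionable if it spelled out what "not a security-sensitive component" means for a tool that embeds libclang, rather than leaving that entirely to the linked policy page.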

Collaborator

@kbeyls kbeyls left a comment

LGTM, thanks!

@AaronBallman AaronBallman merged commit 163da87 into llvm:main Jul 17, 2025
14 checks passed
@AaronBallman AaronBallman deleted the aballman-libclang-security branch July 17, 2025 17:34
Labels

clang:as-a-library libclang and C++ API clang Clang issues not falling into any other category documentation
