Consider hardening check_c_source_compiles
It appears that check_c_source_compiles
was involved in the xz vulnerability
https://news.ycombinator.com/item?id=39874404
It seems like the typical use should be a hard failure if the code is a syntax error rather than a failure to include headers. I’m sure this isn’t trivial and I’m sure this is fraught with issues, but a one-character “.” that should cause an “unexpected identifier” error shouldn’t silently make a check go false: it should result in a hard failure.