Everywhere: Build with -fstack-clash-protection

This option causes GCC to generate code to prevent "stack clash" style
attacks where a very large stack allocation is used in to jump over the
stack guard page and into whatever's next to it.
This commit is contained in:
Andreas Kling 2021-02-19 09:11:02 +01:00
parent 1e6d04c746
commit 7142562310
Notes: sideshowbarker 2024-07-18 22:09:21 +09:00

View file

@ -154,6 +154,7 @@ set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now")
set(CMAKE_SKIP_RPATH TRUE) set(CMAKE_SKIP_RPATH TRUE)
add_compile_options(-Os -g1 -fno-exceptions -fstack-protector-strong -Wno-address-of-packed-member -Wundef -Wcast-qual -Wwrite-strings -Wimplicit-fallthrough -Wno-nonnull-compare -Wno-deprecated-copy -Wno-expansion-to-defined) add_compile_options(-Os -g1 -fno-exceptions -fstack-protector-strong -Wno-address-of-packed-member -Wundef -Wcast-qual -Wwrite-strings -Wimplicit-fallthrough -Wno-nonnull-compare -Wno-deprecated-copy -Wno-expansion-to-defined)
add_compile_options(-fstack-clash-protection)
add_compile_options(-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.) add_compile_options(-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.)
add_compile_definitions(DEBUG SANITIZE_PTRS) add_compile_definitions(DEBUG SANITIZE_PTRS)