claunia/flac
1
0
Fork 0
mirror of https://github.com/claunia/flac.git synced 2025-12-16 18:54:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmake/configure.ac: Enable -fstack-protector-strong by default

Browse Source 
This commit contains the following changes:

- Drops -fstack-protector in favor of -fstack-protector-strong.
  Consequently, the ssp-buffer-size parameter has been removed as
  -fstack-protector-strong ignores array size.

- Add new global opt-out for stack smash protection. This is enabled
  by default for both autotools and CMake builds. Users can opt out
  of stack smash protection by passing -DWITH_STACK_PROTECTOR=OFF to
  CMake or --disable-stack-smash-protection when running ./configure.

- Renames HAVE_SSP_FLAG to HAVE_STACK_PROTECTOR_FLAG in
  CMakeLists.txt to be more readable.
This commit is contained in:
NotTsunami
2019-11-19 16:28:22 -05:00
committed by Erik de Castro Lopo
parent 1640e10e43
commit f706f28322
3 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
CMakeLists.txt
View File

@@ -15,6 +15,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
option(BUILD_CXXLIBS "Build libFLAC++" ON) option(BUILD_CXXLIBS "Build libFLAC++" ON)
option(BUILD_EXAMPLES "Build and install examples" ON) option(BUILD_EXAMPLES "Build and install examples" ON)
option(BUILD_DOCS "Build and install doxygen documents" ON) option(BUILD_DOCS "Build and install doxygen documents" ON)
option(WITH_STACK_PROTECTOR "Enable GNU GCC stack smash protection" ON)
option(WITH_OGG "ogg support (default: test for libogg)" ON) option(WITH_OGG "ogg support (default: test for libogg)" ON)
if(WITH_OGG) if(WITH_OGG)
@@ -24,8 +25,6 @@ endif()
if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang") if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wstrict-prototypes -Wmissing-prototypes -Waggregate-return -Wcast-align -Wnested-externs -Wshadow -Wundef -Wmissing-declarations -Winline") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wstrict-prototypes -Wmissing-prototypes -Waggregate-return -Wcast-align -Wnested-externs -Wshadow -Wundef -Wmissing-declarations -Winline")
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O3 -funroll-loops") set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O3 -funroll-loops")
option(ENABLE_SSP "Enable GNU GCC stack smash protection" OFF)
endif() endif()
if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang") if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Wcast-align -Wshadow -Wwrite-strings -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wsign-promo -Wundef") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Wcast-align -Wshadow -Wwrite-strings -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wsign-promo -Wundef")
@@ -62,10 +61,15 @@ test_big_endian(CPU_IS_BIG_ENDIAN)
check_c_compiler_flag(-Werror HAVE_WERROR_FLAG) check_c_compiler_flag(-Werror HAVE_WERROR_FLAG)
check_c_compiler_flag(-Wdeclaration-after-statement HAVE_DECL_AFTER_STMT_FLAG) check_c_compiler_flag(-Wdeclaration-after-statement HAVE_DECL_AFTER_STMT_FLAG)
check_c_compiler_flag("-fstack-protector --param ssp-buffer-size=4" HAVE_SSP_FLAG)
check_c_compiler_flag(-mstackrealign HAVE_STACKREALIGN_FLAG) check_c_compiler_flag(-mstackrealign HAVE_STACKREALIGN_FLAG)
check_cxx_compiler_flag(-Weffc++ HAVE_WEFFCXX_FLAG) check_cxx_compiler_flag(-Weffc++ HAVE_WEFFCXX_FLAG)
if(WITH_STACK_PROTECTOR)
if(NOT MSVC)
check_c_compiler_flag("-fstack-protector-strong" HAVE_STACK_PROTECTOR_FLAG)
endif()
endif()
if(HAVE_WERROR_FLAG) if(HAVE_WERROR_FLAG)
option(ENABLE_WERROR "Enable -Werror in all Makefiles" OFF) option(ENABLE_WERROR "Enable -Werror in all Makefiles" OFF)
endif() endif()
@@ -74,12 +78,13 @@ add_compile_options(
$<$<BOOL:${MSVC}>:/wd4267> $<$<BOOL:${MSVC}>:/wd4267>
$<$<BOOL:${MSVC}>:/wd4996> $<$<BOOL:${MSVC}>:/wd4996>
$<$<BOOL:${ENABLE_WERROR}>:-Werror> $<$<BOOL:${ENABLE_WERROR}>:-Werror>
$<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:-fstack-protector>
$<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:--param>
$<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:ssp-buffer-size=4>
$<$<AND:$<COMPILE_LANGUAGE:CXX>,$<BOOL:${HAVE_WEFFCXX_FLAG}>>:-Weffc++> $<$<AND:$<COMPILE_LANGUAGE:CXX>,$<BOOL:${HAVE_WEFFCXX_FLAG}>>:-Weffc++>
$<$<AND:$<COMPILE_LANGUAGE:C>,$<BOOL:${HAVE_DECL_AFTER_STMT_FLAG}>>:-Wdeclaration-after-statement>) $<$<AND:$<COMPILE_LANGUAGE:C>,$<BOOL:${HAVE_DECL_AFTER_STMT_FLAG}>>:-Wdeclaration-after-statement>)
if(HAVE_STACK_PROTECTOR_FLAG)
add_compile_options(-fstack-protector-strong)
endif()
if(CMAKE_SYSTEM_PROCESSOR STREQUAL "i686" AND HAVE_STACKREALIGN_FLAG) if(CMAKE_SYSTEM_PROCESSOR STREQUAL "i686" AND HAVE_STACKREALIGN_FLAG)
add_compile_options(-mstackrealign) add_compile_options(-mstackrealign)
endif() endif()

7
configure.ac
View File

@@ -310,8 +310,10 @@ AC_SUBST(FLAC__TEST_LEVEL)
AC_ARG_ENABLE(werror, AC_ARG_ENABLE(werror,
AC_HELP_STRING([--enable-werror], [Enable -Werror in all Makefiles])) AC_HELP_STRING([--enable-werror], [Enable -Werror in all Makefiles]))
AC_ARG_ENABLE(stack-smash-protection, AC_ARG_ENABLE([stack-smash-protection],
AC_HELP_STRING([--enable-stack-smash-protection], [Enable GNU GCC stack smash protection])) [AS_HELP_STRING([--disable-stack-smash-protection],[Disable GNU GCC stack smash protection])],,
[AS_IF([test "$ac_cv_c_compiler_gnu" = "yes" && test "$os_is_windows" = "no"],
[enable_stack_smash_protection=yes],[enable_stack_smash_protection=no])])
AC_ARG_ENABLE(64-bit-words, AC_ARG_ENABLE(64-bit-words,
AC_HELP_STRING([--enable-64-bit-words], [Set FLAC__BYTES_PER_WORD to 8 (4 is the default)])) AC_HELP_STRING([--enable-64-bit-words], [Set FLAC__BYTES_PER_WORD to 8 (4 is the default)]))
@@ -627,5 +629,6 @@ fi
echo " SSE optimizations : ....................... ${sse_os}" echo " SSE optimizations : ....................... ${sse_os}"
echo " Asm optimizations : ....................... ${asm_optimisation}" echo " Asm optimizations : ....................... ${asm_optimisation}"
echo " Ogg/FLAC support : ........................ ${have_ogg}" echo " Ogg/FLAC support : ........................ ${have_ogg}"
echo " Stack protector : ........................ ${enable_stack_smash_protection}"
echo " Fuzzing support (Clang only) : ............ ${have_oss_fuzzers}" echo " Fuzzing support (Clang only) : ............ ${have_oss_fuzzers}"
echo echo

6
m4/stack_protect.m4
View File

@@ -27,7 +27,7 @@ dnl LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
dnl NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS dnl NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
dnl Want to know of GCC stack protector works, botfor the C and for the C++ dnl We want to know if GCC stack protector works, for the C and for the C++
dnl compiler. dnl compiler.
dnl dnl
dnl Just checking if the compiler accepts the required CFLAGSs is not enough dnl Just checking if the compiler accepts the required CFLAGSs is not enough
@@ -41,7 +41,7 @@ AC_DEFUN([XIPH_GCC_STACK_PROTECTOR],
[AC_LANG_ASSERT(C) [AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $CC supports stack smash protection]) AC_MSG_CHECKING([if $CC supports stack smash protection])
xiph_stack_check_old_cflags="$CFLAGS" xiph_stack_check_old_cflags="$CFLAGS"
SSP_FLAGS="-fstack-protector --param ssp-buffer-size=4" SSP_FLAGS="-fstack-protector-strong"
CFLAGS=$SSP_FLAGS CFLAGS=$SSP_FLAGS
AC_TRY_LINK([ AC_TRY_LINK([
#include <stdio.h> #include <stdio.h>
@@ -58,7 +58,7 @@ AC_DEFUN([XIPH_GXX_STACK_PROTECTOR],
[AC_LANG_PUSH([C++]) [AC_LANG_PUSH([C++])
AC_MSG_CHECKING([if $CXX supports stack smash protection]) AC_MSG_CHECKING([if $CXX supports stack smash protection])
xiph_stack_check_old_cflags="$CFLAGS" xiph_stack_check_old_cflags="$CFLAGS"
SSP_FLAGS="-fstack-protector --param ssp-buffer-size=4" SSP_FLAGS="-fstack-protector-strong"
CFLAGS=$SSP_FLAGS CFLAGS=$SSP_FLAGS
AC_TRY_LINK([ AC_TRY_LINK([
#include <cstdio> #include <cstdio>