cmake: Build with -fstack-protector-strong if available #2597

If not available, fall back to -fstack-protector + --param=ssp-buffer-size=4 If that isn't available, do nothing. See the following articles for more information: https://lwn.net/Articles/584225/ https://outflux.net/blog/archives/2014/01/27/fstack-protector-strong/
2024-12-19 18:55:14 -07:00 · 2015-08-26 18:00:33 -04:00 · 2015-08-26 18:00:33 -04:00 · 2b4cbbebf4
commit 2b4cbbebf4
parent b2ece148e6
1 changed files with 12 additions and 3 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -101,7 +101,7 @@ if(NOT HAS_ACCEPTABLE_FORTIFY)
  # Extract possible prefix to _FORTIFY_SOURCE (e.g. -Wp,-D_FORTIFY_SOURCE).
  STRING(REGEX MATCH "[^\ ]+-D_FORTIFY_SOURCE" _FORTIFY_SOURCE_PREFIX "${CMAKE_C_FLAGS}")
  STRING(REPLACE "-D_FORTIFY_SOURCE" "" _FORTIFY_SOURCE_PREFIX "${_FORTIFY_SOURCE_PREFIX}" )
-  if (NOT _FORTIFY_SOURCE_PREFIX STREQUAL "")
+  if(NOT _FORTIFY_SOURCE_PREFIX STREQUAL "")
    message(STATUS "Detected _FORTIFY_SOURCE Prefix=${_FORTIFY_SOURCE_PREFIX}.")
  endif()
  # -U in add_definitions doesn't end up in the correct spot, so we add it to
@ -112,11 +112,21 @@ endif()

 add_definitions(-Wall -Wextra -pedantic -Wno-unused-parameter
    -Wstrict-prototypes -std=gnu99)
-if (MINGW)
+if(MINGW)
  # Use POSIX compatible stdio in Mingw
  add_definitions(-D__USE_MINGW_ANSI_STDIO)
 endif()

+include(CheckCCompilerFlag)
+check_c_compiler_flag(-fstack-protector-strong HAS_FSTACK_PROTECTOR_STRONG_FLAG)
+check_c_compiler_flag(-fstack-protector HAS_FSTACK_PROTECTOR_FLAG)
+
+if(HAS_FSTACK_PROTECTOR_STRONG_FLAG)
+  add_definitions(-fstack-protector-strong)
+elseif(HAS_FSTACK_PROTECTOR_FLAG)
+  add_definitions(-fstack-protector --param ssp-buffer-size=4)
+endif()
+
 option(
  TRAVIS_CI_BUILD "Travis CI build.  Extra compilation flags will be set." OFF)

@ -126,7 +136,6 @@ if(TRAVIS_CI_BUILD)
 endif()

 if(CMAKE_COMPILER_IS_GNUCC)
-  include(CheckCCompilerFlag)
  check_c_compiler_flag(-Og HAS_OG_FLAG)
 else()
  set(HAS_OG_FLAG 0)