| Message ID | 1262223266-19191-5-git-send-email-kirill@shutemov.name |
|---|---|
| State | New |
| Headers | show |
"Kirill A. Shutemov" <kirill@shutemov.name> writes: Hi, > -fstack-protector-all emit extra code to check for buffer overflows, > such as stack smashing attacks. This is done by adding a guard > variable to functions with vulnerable objects. > > Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> > --- > configure | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/configure b/configure > index 0cdcdb3..16b70d8 100755 > --- a/configure > +++ b/configure > @@ -98,6 +98,7 @@ QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $ > QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS" > QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS" > QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS" > +QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS" afaik not all arches out there are supporting -fstack-protector-all (to be more precise, some have no stack protector support at all). iirc, gcc will emit a warning and still compile but would be nice to avoid a warning. Arnaud
On Thu, Dec 31, 2009 at 12:58 PM, Arnaud Patard <arnaud.patard@rtp-net.org> wrote: > "Kirill A. Shutemov" <kirill@shutemov.name> writes: > Hi, > >> -fstack-protector-all emit extra code to check for buffer overflows, >> such as stack smashing attacks. This is done by adding a guard >> variable to functions with vulnerable objects. >> >> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> >> --- >> configure | 1 + >> 1 files changed, 1 insertions(+), 0 deletions(-) >> >> diff --git a/configure b/configure >> index 0cdcdb3..16b70d8 100755 >> --- a/configure >> +++ b/configure >> @@ -98,6 +98,7 @@ QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $ >> QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS" >> QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS" >> QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS" >> +QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS" > > afaik not all arches out there are supporting > -fstack-protector-all (to be more precise, some have no stack protector > support at all). iirc, gcc will emit a warning and still compile > but would be nice to avoid a warning. Thanks. Will be fixed.
diff --git a/configure b/configure index 0cdcdb3..16b70d8 100755 --- a/configure +++ b/configure @@ -98,6 +98,7 @@ QEMU_CFLAGS="-Wall -Wundef -Wendif-labels -Wwrite-strings -Wmissing-prototypes $ QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS" QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS" QEMU_CFLAGS="-D_FORTIFY_SOURCE=2 $QEMU_CFLAGS" +QEMU_CFLAGS="-fstack-protector-all $QEMU_CFLAGS" QEMU_CFLAGS="-I. -I\$(SRC_PATH) $QEMU_CFLAGS" LDFLAGS="-g $LDFLAGS"
-fstack-protector-all emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name> --- configure | 1 + 1 files changed, 1 insertions(+), 0 deletions(-)