Build option for OpenSSF Compiler Hardening Flags (onnx#7601)

andife · web-flow · commit b75eda1f91fa · 2026-01-26T13:18:22.000+01:00
### Motivation and Context I think we should implement the OpenSSF Compiler Hardening Flags to address the following requirement for the Silver Badge (https://www.bestpractices.dev/en/projects/3313/silver#security): Hardening mechanisms SHOULD be used in the software produced by the project so that software defects are less likely to result in security vulnerabilities. [hardening] Hardening mechanisms may include HTTP headers like Content Security Policy (CSP), compiler flags to mitigate attacks (such as -fstack-protector), or compiler flags to eliminate undefined behavior. For our purposes least privilege is not considered a hardening mechanism (least privilege is important, but separate). Fixes: onnx#6834 --------- Signed-off-by: Andreas Fehlner <fehlner@arcor.de>
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -156,7 +156,7 @@ jobs:
           DEBUG: ${{ matrix.debug_build }}
           ONNX_ML: ${{ matrix.onnx_ml }}
           ONNX_BUILD_TESTS: 1
-          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_ASAN=${{ matrix.debug_build }} -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }}"
+          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_ASAN=${{ matrix.debug_build }} -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }} -DONNX_HARDENING=ON"
 
       - name: Build and install ONNX - MacOS
         if: matrix.os == 'macos-latest'
@@ -166,7 +166,7 @@ jobs:
           DEBUG: ${{ matrix.debug_build }}
           ONNX_ML: ${{ matrix.onnx_ml }}
           ONNX_BUILD_TESTS: 1
-          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }}"
+          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }} -DONNX_HARDENING=ON"
 
       - name: Build and install ONNX - Windows
         if: startsWith(matrix.os,'windows')
@@ -176,7 +176,7 @@ jobs:
           DEBUG: ${{ matrix.debug_build }}
           ONNX_ML: ${{ matrix.onnx_ml }}
           ONNX_BUILD_TESTS: 1
-          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_PROTOBUF_SHARED_LIBS=OFF -DONNX_USE_LITE_PROTO=ON -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }}"
+          CMAKE_ARGS: "-DONNX_WERROR=ON -DONNX_USE_PROTOBUF_SHARED_LIBS=OFF -DONNX_USE_LITE_PROTO=ON -DONNX_USE_UNITY_BUILD=${{ matrix.unity_build }} -DONNX_HARDENING=ON"
 
       - name: pip freeze
         run: |
diff --git a/.github/workflows/manylinux/entrypoint.sh b/.github/workflows/manylinux/entrypoint.sh
@@ -46,7 +46,7 @@ source workflow_scripts/protobuf/build_protobuf_unix.sh "$(nproc)" "$(pwd)"/prot
 
 # set ONNX build environments
 export ONNX_ML=1
-export CMAKE_ARGS="-DONNX_USE_LITE_PROTO=ON"
+export CMAKE_ARGS="-DONNX_USE_LITE_PROTO=ON -DONNX_HARDENING=ON"
 
 $PIP_INSTALL_COMMAND -v -r requirements-release_build.txt || { echo "Installing Python requirements failed."; exit 1; }
 
diff --git a/.github/workflows/release_win.yml b/.github/workflows/release_win.yml
@@ -89,7 +89,7 @@ jobs:
         # Build ONNX wheel
         echo "Install ONNX"
         $Env:ONNX_ML = 1
-        $Env:CMAKE_ARGS = "-DONNX_USE_PROTOBUF_SHARED_LIBS=OFF -DONNX_USE_LITE_PROTO=ON -DONNX_WERROR=ON"
+        $Env:CMAKE_ARGS = "-DONNX_USE_PROTOBUF_SHARED_LIBS=OFF -DONNX_USE_LITE_PROTO=ON -DONNX_WERROR=ON -DONNX_HARDENING=ON"
 
         # Preview build logic (same for all arches)
         if ($env:BUILD_MODE -ne 'release') {
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -48,6 +48,7 @@ option(ONNX_WERROR "Build with Werror" OFF)
 option(ONNX_COVERAGE "Build with coverage instrumentation" OFF)
 option(ONNX_BUILD_TESTS "Build ONNX C++ APIs Tests" OFF)
 option(ONNX_USE_ASAN "Build ONNX with ASAN" OFF)
+option(ONNX_HARDENING "Build with compiler hardening flags (OpenSSF guidelines)" OFF)
 option(ONNX_USE_LITE_PROTO "Use lite protobuf instead of full." OFF)
 option(ONNX_DISABLE_EXCEPTIONS "Disable exception handling." OFF)
 option(ONNX_DISABLE_STATIC_REGISTRATION "Disable static registration for ONNX operator schemas." OFF)
diff --git a/cmake/Utils.cmake b/cmake/Utils.cmake
@@ -1,5 +1,84 @@
 # SPDX-License-Identifier: Apache-2.0
 #
+# Compiler hardening flags based on OpenSSF guidelines:
+# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
+function(add_onnx_hardening_flags target)
+  if(NOT ONNX_HARDENING)
+    return()
+  endif()
+
+  if(MSVC)
+    # MSVC hardening flags
+    target_compile_options(${target} PRIVATE
+      /GS           # Buffer security check
+      /DYNAMICBASE  # ASLR
+      /NXCOMPAT     # Data Execution Prevention
+      /guard:cf     # Control Flow Guard
+    )
+    target_link_options(${target} PRIVATE
+      /DYNAMICBASE
+      /NXCOMPAT
+      /GUARD:CF
+    )
+  else()
+    # GCC/Clang hardening compile flags
+    target_compile_options(${target} PRIVATE
+      -Wformat
+      -Wformat=2
+      -Wimplicit-fallthrough
+      -Werror=format-security
+      -fstack-protector-strong
+    )
+
+    # _FORTIFY_SOURCE requires optimization and conflicts with sanitizers
+    if(NOT ONNX_USE_ASAN)
+      target_compile_options(${target} PRIVATE
+        -U_FORTIFY_SOURCE
+        -D_FORTIFY_SOURCE=3
+      )
+    endif()
+
+    # C++ standard library assertions
+    target_compile_definitions(${target} PRIVATE _GLIBCXX_ASSERTIONS)
+
+    # Stack clash protection (Linux only - not supported on macOS)
+    if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+      include(CheckCXXCompilerFlag)
+      check_cxx_compiler_flag(-fstack-clash-protection COMPILER_SUPPORTS_STACK_CLASH)
+      if(COMPILER_SUPPORTS_STACK_CLASH)
+        target_compile_options(${target} PRIVATE -fstack-clash-protection)
+      endif()
+    endif()
+
+    # Control-flow protection for x86_64 (Linux only - not supported on macOS)
+    if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64|amd64|AMD64")
+      include(CheckCXXCompilerFlag)
+      check_cxx_compiler_flag(-fcf-protection=full COMPILER_SUPPORTS_CF_PROTECTION)
+      if(COMPILER_SUPPORTS_CF_PROTECTION)
+        target_compile_options(${target} PRIVATE -fcf-protection=full)
+      endif()
+    endif()
+
+    # Branch protection for AArch64 (Linux only - macOS uses different mechanism)
+    if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64|arm64|ARM64")
+      include(CheckCXXCompilerFlag)
+      check_cxx_compiler_flag(-mbranch-protection=standard COMPILER_SUPPORTS_BRANCH_PROTECTION)
+      if(COMPILER_SUPPORTS_BRANCH_PROTECTION)
+        target_compile_options(${target} PRIVATE -mbranch-protection=standard)
+      endif()
+    endif()
+
+    # Linker hardening flags (Linux only, not macOS)
+    if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
+      target_link_options(${target} PRIVATE
+        -Wl,-z,noexecstack
+        -Wl,-z,relro
+        -Wl,-z,now
+      )
+    endif()
+  endif()
+endfunction()
+
 # Add MSVC RunTime Flag
 function(add_msvc_runtime_flag lib)
   if(ONNX_USE_MSVC_STATIC_RUNTIME)
@@ -74,4 +153,7 @@ function(add_onnx_compile_options target)
   if(CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 9.0)
     target_link_libraries(${target} PRIVATE "-lstdc++fs")
   endif()
+
+  # Apply hardening flags if enabled
+  add_onnx_hardening_flags(${target})
 endfunction()
diff --git a/cmake/summary.cmake b/cmake/summary.cmake
@@ -22,6 +22,7 @@ function(onnx_print_configuration_summary)
   message(STATUS "  ONNX_DISABLE_EXCEPTIONS           : ${ONNX_DISABLE_EXCEPTIONS}")
   message(STATUS "  ONNX_DISABLE_STATIC_REGISTRATION  : ${ONNX_DISABLE_STATIC_REGISTRATION}")
   message(STATUS "  ONNX_WERROR                       : ${ONNX_WERROR}")
+  message(STATUS "  ONNX_HARDENING                    : ${ONNX_HARDENING}")
   message(STATUS "  ONNX_BUILD_TESTS                  : ${ONNX_BUILD_TESTS}")
   message(STATUS "  ONNX_USE_UNITY_BUILD              : ${ONNX_USE_UNITY_BUILD}")
   message(STATUS "  BUILD_SHARED_LIBS                 : ${BUILD_SHARED_LIBS}")
diff --git a/onnx/common/assertions.cc b/onnx/common/assertions.cc
@@ -22,8 +22,17 @@ std::string barf(const char* fmt, ...) {
 
   va_start(args, fmt);
 
-  // use fixed length for buffer "msg" to avoid buffer overflow
+// use fixed length for buffer "msg" to avoid buffer overflow
+// Suppress -Wformat-nonliteral: fmt comes from the variadic parameter,
+// and call sites are checked via the format attribute on the declaration.
+#if defined(__clang__) || defined(__GNUC__)
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+#endif
   vsnprintf(static_cast<char*>(msg.data()), msg.size() - 1, fmt, args);
+#if defined(__clang__) || defined(__GNUC__)
+#pragma GCC diagnostic pop
+#endif
 
   // ensure null-terminated string to avoid out of bounds read
   msg.back() = '\0';
diff --git a/onnx/common/assertions.h b/onnx/common/assertions.h
@@ -22,6 +22,9 @@ struct tensor_error : public assert_error {
   explicit tensor_error(const std::string& msg) : assert_error(msg) {}
 };
 
+#if defined(__GNUC__) || defined(__clang__)
+__attribute__((format(printf, 1, 2)))
+#endif
 std::string barf(const char* fmt, ...);
 
 [[noreturn]] void throw_assert_error(std::string& /*msg*/);
@@ -48,24 +51,19 @@ std::string barf(const char* fmt, ...);
 #define ONNX_EXPAND(x) x
 
 // Note: msg must be a string literal
-#define _ONNX_ASSERTM(cond, msg, ...)                                                                \
-  /* NOLINTNEXTLINE */                                                                               \
-  if (_ONNX_EXPECT(!(cond), 0)) {                                                                    \
-    std::string error_msg = ::ONNX_NAMESPACE::barf(                                                  \
-        "%s:%u: %s: Assertion `%s` failed: " msg, __FILE__, __LINE__, __func__, #cond, __VA_ARGS__); \
-    throw_assert_error(error_msg);                                                                   \
+// The ##__VA_ARGS__ extension removes the trailing comma when __VA_ARGS__ is empty.
+// This is supported by GCC, Clang, and MSVC (since VS 2019 16.6).
+#define ONNX_ASSERTM(cond, msg, ...)                                                                   \
+  /* NOLINTNEXTLINE */                                                                                 \
+  if (_ONNX_EXPECT(!(cond), 0)) {                                                                      \
+    std::string error_msg = ::ONNX_NAMESPACE::barf(                                                    \
+        "%s:%u: %s: Assertion `%s` failed: " msg, __FILE__, __LINE__, __func__, #cond, ##__VA_ARGS__); \
+    throw_assert_error(error_msg);                                                                     \
   }
 
-// The trailing ' ' argument is a hack to deal with the extra comma when ... is empty.
-// Another way to solve this is ##__VA_ARGS__ in _ONNX_ASSERTM, but this is a non-portable
-// extension we shouldn't use.
-#define ONNX_ASSERTM(...) ONNX_EXPAND(_ONNX_ASSERTM(__VA_ARGS__, " "))
-
-#define _TENSOR_ASSERTM(cond, msg, ...)                                                              \
-  if (_ONNX_EXPECT(!(cond), 0)) {                                                                    \
-    std::string error_msg = ::ONNX_NAMESPACE::barf(                                                  \
-        "%s:%u: %s: Assertion `%s` failed: " msg, __FILE__, __LINE__, __func__, #cond, __VA_ARGS__); \
-    throw_tensor_error(error_msg);                                                                   \
+#define TENSOR_ASSERTM(cond, msg, ...)                                                                 \
+  if (_ONNX_EXPECT(!(cond), 0)) {                                                                      \
+    std::string error_msg = ::ONNX_NAMESPACE::barf(                                                    \
+        "%s:%u: %s: Assertion `%s` failed: " msg, __FILE__, __LINE__, __func__, #cond, ##__VA_ARGS__); \
+    throw_tensor_error(error_msg);                                                                     \
   }
-
-#define TENSOR_ASSERTM(...) ONNX_EXPAND(_TENSOR_ASSERTM(__VA_ARGS__, " "))
diff --git a/onnx/defs/schema.cc b/onnx/defs/schema.cc
@@ -1762,8 +1762,8 @@ OpName_Domain_Version_Schema_Map& OpSchemaRegistry::map() {
       if (OpSchemaRegistry::Instance()->GetLoadedSchemaVersion() == 0) {
         ONNX_ASSERTM(
             dbg_registered_schema_count == ONNX_DBG_GET_COUNT_IN_OPSETS(),
-            "%u schema were exposed from operator sets and automatically placed into the static registry.  "
-            "%u were expected based on calls to registration macros. Operator set functions may need to be updated.",
+            "%zu schema were exposed from operator sets and automatically placed into the static registry.  "
+            "%zu were expected based on calls to registration macros. Operator set functions may need to be updated.",
             dbg_registered_schema_count,
             ONNX_DBG_GET_COUNT_IN_OPSETS());
       }
diff --git a/onnx/defs/tensor_proto_util.cc b/onnx/defs/tensor_proto_util.cc
@@ -4,6 +4,7 @@
 
 #include "tensor_proto_util.h"
 
+#include <cstring>
 #include <string>
 #include <vector>
 
diff --git a/onnx/defs/tensor_util.cc b/onnx/defs/tensor_util.cc
@@ -4,6 +4,7 @@
 
 #include "tensor_util.h"
 
+#include <cstring>
 #include <string>
 #include <vector>
 
diff --git a/onnx/version_converter/adapters/Attention_24_23.h b/onnx/version_converter/adapters/Attention_24_23.h
@@ -1,13 +1,14 @@
 // Copyright (c) ONNX Project Contributors
-
-/*
- * SPDX-License-Identifier: Apache-2.0
- */
+//
+// SPDX-License-Identifier: Apache-2.0
 
 // Adapter for Attention in default domain from version 24 to 23
 
 #pragma once
 
+#include <cinttypes>
+#include <cstdint>
+
 #include "onnx/version_converter/adapters/adapter.h"
 
 namespace ONNX_NAMESPACE {
@@ -24,11 +25,12 @@ class Attention_24_23 final : public Adapter {
     if (inputs.size() > 6) {
       ONNX_ASSERTM(
           false,
-          "%s being converted from %d to %d has nonpad_kv_seqlen input, "
+          "%s being converted from %" PRId64 " to %" PRId64
+          " has nonpad_kv_seqlen input, "
           "which is not supported in opset 23. This conversion cannot be performed.",
           name().c_str(),
-          initial_version().version(),
-          target_version().version());
+          static_cast<int64_t>(initial_version().version()),
+          static_cast<int64_t>(target_version().version()));
     }
   }
 
diff --git a/onnx/version_converter/adapters/broadcast_backward_compatibility.h b/onnx/version_converter/adapters/broadcast_backward_compatibility.h
@@ -8,6 +8,8 @@
 
 #pragma once
 
+#include <cinttypes>
+#include <cstdint>
 #include <memory>
 #include <string>
 #include <vector>
@@ -38,11 +40,12 @@ class BroadcastBackwardCompatibility final : public Adapter {
     int req_broadcast = check_numpy_unibroadcastable_and_require_broadcast(A_sizes, B_sizes);
     ONNX_ASSERTM(
         req_broadcast != -1,
-        "%s being converted from %d to %d does "
+        "%s being converted from %" PRId64 " to %" PRId64
+        " does "
         "not have broadcastable inputs.",
         name().c_str(),
-        initial_version().version(),
-        target_version().version())
+        static_cast<int64_t>(initial_version().version()),
+        static_cast<int64_t>(target_version().version()))
     if (req_broadcast == 1) {
       // If conditional is not fulfilled, we have a default broadcast
       // Add broadcast attribute
diff --git a/onnx/version_converter/adapters/gemm_7_6.h b/onnx/version_converter/adapters/gemm_7_6.h
@@ -8,6 +8,8 @@
 
 #pragma once
 
+#include <cinttypes>
+#include <cstdint>
 #include <memory>
 #include <vector>
 
@@ -43,11 +45,12 @@ class Gemm_7_6 final : public Adapter {
     int req_broadcast = check_numpy_unibroadcastable_and_require_broadcast(MN, C_shape);
     ONNX_ASSERTM(
         req_broadcast != -1,
-        "%s being converted from %d to %d does "
+        "%s being converted from %" PRId64 " to %" PRId64
+        " does "
         "not have broadcastable inputs.",
         name().c_str(),
-        initial_version().version(),
-        target_version().version())
+        static_cast<int64_t>(initial_version().version()),
+        static_cast<int64_t>(target_version().version()))
     if (req_broadcast == 1) {
       node->i_(kbroadcast, 1);
     }
diff --git a/onnx/version_converter/adapters/q_dq_21_20.h b/onnx/version_converter/adapters/q_dq_21_20.h
@@ -8,9 +8,12 @@
 
 #pragma once
 
+#include <cinttypes>
+#include <cstdint>
 #include <memory>
 #include <vector>
 
+#include "onnx/common/assertions.h"
 #include "onnx/version_converter/adapters/type_restriction.h"
 
 namespace ONNX_NAMESPACE {
@@ -30,16 +33,19 @@ class QuantizeLinear_21_20 final : public TypeRestriction {
   void adapt_quantize_linear_21_20(const std::shared_ptr<Graph>& /*unused*/, Node* node) const {
     if (node->hasAttribute(kblock_size)) {
       if ((node->i(kblock_size) != 0)) {
-        ONNX_ASSERTM(false, "Blocked quantization is not supported for Opset Version %d.", target_version().version())
+        ONNX_ASSERTM(
+            false,
+            "Blocked quantization is not supported for Opset Version %" PRId64 ".",
+            static_cast<int64_t>(target_version().version()))
       }
       node->removeAttribute(kblock_size);
     }
     if (node->hasAttribute(koutput_dtype)) {
       if (node->i(koutput_dtype) != TensorProto_DataType_UINT8 && node->inputs().size() < 3) {
         ONNX_ASSERTM(
             false,
-            "Attribute output_dtype is not supported for Opset Version %d, supply a zero-point tensor instead",
-            target_version().version())
+            "Attribute output_dtype is not supported for Opset Version %" PRId64 ", supply a zero-point tensor instead",
+            static_cast<int64_t>(target_version().version()))
       }
       node->removeAttribute(koutput_dtype);
     }
@@ -60,7 +66,10 @@ class DequantizeLinear_21_20 final : public TypeRestriction {
   void adapt_dequantize_linear_21_20(const std::shared_ptr<Graph>& /*unused*/, Node* node) const {
     if (node->hasAttribute(kblock_size)) {
       if ((node->i(kblock_size) != 0)) {
-        ONNX_ASSERTM(false, "Blocked quantization is not supported for Opset Version %d.", target_version().version())
+        ONNX_ASSERTM(
+            false,
+            "Blocked quantization is not supported for Opset Version %" PRId64 ".",
+            static_cast<int64_t>(target_version().version()))
       }
       node->removeAttribute(kblock_size);
     }
diff --git a/onnx/version_converter/adapters/type_restriction.h b/onnx/version_converter/adapters/type_restriction.h
diff --git a/onnx/version_converter/helper.cc b/onnx/version_converter/helper.cc
