Commit 076183b

build: add -fcf-protection=full to hardening options
Enables code instrumentation of control-flow transfers. Available in GCC 8 and Clang 7. This option is now on by default in Ubuntu GCC as of 19.10.
1 parent c940c1a commit 076183b

1 file changed

+1
-0
lines changed

configure.ac

Lines changed: 1 addition & 0 deletions
@@ -785,6 +785,7 @@ if test x$use_hardening != xno; then
785785
AX_CHECK_COMPILE_FLAG([-Wstack-protector],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -Wstack-protector"])
786786
AX_CHECK_COMPILE_FLAG([-fstack-protector-all],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fstack-protector-all"])
787787

788+
AX_CHECK_COMPILE_FLAG([-fcf-protection=full],[HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -fcf-protection=full"])
788789
dnl When enable_debug is yes, all optimizations are disabled.
789790
dnl However, FORTIFY_SOURCE requires that there is some level of optimization, otherwise it does nothing and just creates a compiler warning.
790791
dnl Since FORTIFY_SOURCE is a no-op without optimizations, do not enable it when enable_debug is yes.
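
Review bot: The added AX_CHECK_COMPILE_FLAG([-fcf-protection=full], ...) line (new line 788) passes no extra-flags argument, so the probe succeeds whenever the compiler exits zero; a compiler that accepts the option with only a warning would still have it appended to HARDENED_CXXFLAGS. Consider supplying -Werror as the macro's fourth argument (leaving the third empty) so that a warning fails the probe. The line also carries no dnl comment, unlike the FORTIFY_SOURCE block directly below it; a one-line note that the flag emits control-flow instrumentation whose enforcement depends on target and OS support would help readers of configure.ac, since the commit message only states the compiler versions.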
