Page MenuHomePhabricator

[CMAKE] Define FORTIFY_SOURCE=2
AbandonedPublic

Authored by Fabien on Wed, Mar 6, 15:49.

Details

Reviewers
deadalnix
Group Reviewers
Restricted Project
Summary

This is part of the hardening process, it enables some buffer overflow
detection.

Depends on D2674

Test Plan
mkdir buildcmake && cd buildcmake
cmake -GNinja .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
ninja -v

Check the -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 flags are added on the
compiler command lines.

Diff Detail

Repository
rABC Bitcoin ABC
Branch
cmake_hardening_fortify_source
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 5193
Build 8449: Bitcoin ABC Teamcity Staging
Build 8448: arc lint + arc unit

Event Timeline

Fabien created this revision.Wed, Mar 6, 15:49
Herald added a reviewer: Restricted Project. · View Herald TranscriptWed, Mar 6, 15:49
Herald added a subscriber: schancel. · View Herald Transcript
deadalnix requested changes to this revision.Thu, Mar 7, 17:38

This raises also the fact that D2640 was wrong as well.

src/CMakeLists.txt
41 ↗(On Diff #7622)

Please copy what autotool does for hardening instead. Passing the PIE flags is also part of the hardening featues.

This revision now requires changes to proceed.Thu, Mar 7, 17:38
Fabien updated this revision to Diff 7658.Fri, Mar 8, 14:49

Rebase on top of D2674

Fabien planned changes to this revision.Wed, Mar 13, 14:52

Superseeded by D2687, can be removed when landed.

Fabien abandoned this revision.Wed, Mar 20, 17:32

Superseeded by D2687