Page MenuHomePhabricator

[CMAKE] Define FORTIFY_SOURCE=2
AbandonedPublic

Authored by Fabien on Mar 6 2019, 15:49.

Details

Reviewers
deadalnix
Group Reviewers
Restricted Project
Summary

This is part of the hardening process, it enables some buffer overflow
detection.

Depends on D2674

Test Plan
mkdir buildcmake && cd buildcmake
cmake -GNinja .. -DCMAKE_BUILD_TYPE=RelWithDebInfo
ninja -v

Check the -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 flags are added on the
compiler command lines.

Diff Detail

Repository
rABC Bitcoin ABC
Branch
cmake_hardening_fortify_source
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 5193
Build 8449: Bitcoin ABC Buildbot (legacy)
Build 8448: arc lint + arc unit

Event Timeline

deadalnix requested changes to this revision.Mar 7 2019, 17:38

This raises also the fact that D2640 was wrong as well.

src/CMakeLists.txt
41 ↗(On Diff #7622)

Please copy what autotool does for hardening instead. Passing the PIE flags is also part of the hardening featues.

This revision now requires changes to proceed.Mar 7 2019, 17:38
Fabien planned changes to this revision.Mar 13 2019, 14:52

Superseeded by D2687, can be removed when landed.