From 4d4a43984c071b3611bdc1f2dbb38ee167ae6c48 Mon Sep 17 00:00:00 2001
From: Bram Matthys
Date: Sun, 22 Feb 2026 16:36:35 +0100
Subject: [PATCH] Hardening: add -ftrivial-auto-var-init=zero

This zeroes out variables that COULD be accessed before being set (so to prevent access to unitialized variables). We are generally very careful about this in our code, but in 3rd party modules this is less the case. And still useful in case we ourselves screw up.
---
 configure | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 configure.ac | 6 ++++++
 2 files changed, 64 insertions(+)
diff --git a/configure b/configure
index db67c5ec8..42e430436 100755
--- a/configure
+++ b/configure
@@ -5140,6 +5140,64 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu + # This zeroes out variables that COULD be accessed before being set. + # We are generally very careful about this in our code, but 3rd party + # modules are not always so careful. And still useful in case we ourselves + # screw up. + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -ftrivial-auto-var-init=zero" >&5 +printf %s "checking whether C compiler accepts -ftrivial-auto-var-init=zero... " >&6; } +if test ${ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero+y} +then : + printf %s "(cached) " >&6 +else case e in #( + e) + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror -ftrivial-auto-var-init=zero" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero=yes +else case e in #( + e) ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero=no ;; +esac +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS=$ax_check_save_flags ;; +esac +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero" >&5 +printf "%s\n" "$ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero" >&6; } +if test x"$ax_cv_check_cflags__Werror___ftrivial_auto_var_init_zero" = xyes +then : + HARDEN_CFLAGS="$HARDEN_CFLAGS -ftrivial-auto-var-init=zero" +else case e in #( + e) : ;; +esac +fi + + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + # At the link step, we might want -pie (GCC) or -Wl,-pie (Clang on OS X) # # The linker checks also compile code, so we need to include -fPIE as well. diff --git a/configure.ac b/configure.ac index 4e98406b0..3150bad2e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -153,6 +153,12 @@ AS_IF([test x"$hardening" != x"no"], [
 # Clear registers on return (performance penalty, but acceptable, makes ROP harder)
 check_cc_flag([-fzero-call-used-regs=used-gpr], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fzero-call-used-regs=used-gpr"])
 
+ # This zeroes out variables that COULD be accessed before being set.
+ # We are generally very careful about this in our code, but 3rd party
+ # modules are not always so careful. And still useful in case we ourselves
+ # screw up.
+ check_cc_flag([-ftrivial-auto-var-init=zero], [HARDEN_CFLAGS="$HARDEN_CFLAGS -ftrivial-auto-var-init=zero"])
+
 # At the link step, we might want -pie (GCC) or -Wl,-pie (Clang on OS X)
 #
 # The linker checks also compile code, so we need to include -fPIE as well.
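Review bot: The comment added above the new `check_cc_flag([-ftrivial-auto-var-init=zero], ...)` line does not say what the flag leaves uncovered, so a reader could take it as closing the whole uninitialized-read class. The flag only initializes automatic (stack) variables, so heap allocations are unaffected, and once stack slots are zero-filled Valgrind memcheck treats them as defined and stops reporting the read, while GCC documents that -Wuninitialized keeps warning. I would add a line such as `# Stack variables only; this is a mitigation, keep fixing -Wuninitialized warnings and run Valgrind on a build without hardening.` Since the stated motivation is third-party modules, it is also worth confirming that module builds actually receive HARDEN_CFLAGS, which this hunk does not show. The enclosing `AS_IF` block begins and ends outside the hunk.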