mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-06-12 17:14:46 +02:00
Hardening: add -fstrict-flex-arrays=3
This should help gcc/clang with finding more OOB write bugs.
It does mean that 3rd party modules can no longer use the something like:
struct { char name[1]; }
and then alloc(sizeof(struct) + length of name)
instead the struct element needs to be name[];
...and they would need to alloc(sizeof(struct) + length of name + 1)
No 3rd party modules in unrealircd-contrib use this so.. hopefully fine.
This commit is contained in:
Bram Matthys
@@ -147,6 +147,9 @@ AS_IF([test x"$hardening" != x"no"], [
|
||||
# Control Flow Enforcement (ROP hardening) - requires CPU hardware support
|
||||
check_cc_flag([-fcf-protection], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fcf-protection"])
|
||||
|
||||
# Since we have moved from name[1] to name[], setting this should help bounds checking:
|
||||
check_cc_flag([-fstrict-flex-arrays=3], [HARDEN_CFLAGS="$HARDEN_CFLAGS -fstrict-flex-arrays=3"])
|
||||
|
||||
# At the link step, we might want -pie (GCC) or -Wl,-pie (Clang on OS X)
|
||||
#
|
||||
# The linker checks also compile code, so we need to include -fPIE as well.
|
||||
|
||||
Reference in New Issue
Block a user