diff options
author | Rodrigo Rebello <rprebello@gmail.com> | 2015-11-12 12:04:28 -0200 |
---|---|---|
committer | Michael Tokarev <mjt@tls.msk.ru> | 2015-12-04 09:39:55 +0300 |
commit | fccd35a04640a728f979e6d72b2c7d02c05549f0 (patch) | |
tree | 64cba75ad72de826eeb48b8037004dca059f9ca8 | |
parent | 0e1d02452bf2c3486406dd48524a5b1de3c0eba8 (diff) |
configure: use appropriate code fragment for -fstack-protector checks
The check for stack-protector support consisted in compiling and linking
the test program below (output by function write_c_skeleton()) with the
compiler flag -fstack-protector-strong first and then with
-fstack-protector-all if the first one failed to work:
int main(void) { return 0; }
This caused false positives when using certain toolchains in which the
compiler accepted -fstack-protector-strong but no support was provided
by the C library, since for this stack-protector variant the compiler
emits canary code only for functions that meet specific conditions
(local arrays, memory references to local variables, etc.) and the code
fragment under test included none of them (hence no stack protection
code generated, no link failure).
This fix changes the test program used for -fstack-protector checks to
include a function that meets conditions which cause the compiler to
generate canary code in all variants.
Signed-off-by: Rodrigo Rebello <rprebello@gmail.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
-rwxr-xr-x | configure | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1491,6 +1491,16 @@ for flag in $gcc_flags; do done if test "$stack_protector" != "no"; then + cat > $TMPC << EOF +int main(int argc, char *argv[]) +{ + char arr[64], *p = arr, *c = argv[0]; + while (*c) { + *p++ = *c++; + } + return 0; +} +EOF gcc_flags="-fstack-protector-strong -fstack-protector-all" sp_on=0 for flag in $gcc_flags; do |