Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)
This patch currently excludes our Windows executable! - change to use -fstack-protector-all - the minimum size of buffers (i.e. arrays) that will receive stack smashing protection was changed to 1 byte (GCC default: 8) - warn about functions that will not be protected against stack smashing by adding -Wstack-protector
parent
f394f21594
commit
807f3e83ba
@ -30,6 +30,13 @@ contains(RELEASE, 1) {
|
||||
}
|
||||
}
|
||||
|
||||
!win32 {
|
||||
# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection
|
||||
QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
|
||||
QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
|
||||
# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
|
||||
# This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
|
||||
}
|
||||
# for extra security on Windows: enable ASLR and DEP via GCC linker flags
|
||||
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat
|
||||
|
||||
@ -82,12 +89,6 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
|
||||
QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets
|
||||
}
|
||||
|
||||
!windows {
|
||||
# for extra security against potential buffer overflows
|
||||
QMAKE_CXXFLAGS += -fstack-protector
|
||||
QMAKE_LFLAGS += -fstack-protector
|
||||
# do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable!
|
||||
}
|
||||
|
||||
# regenerate src/build.h
|
||||
!windows|contains(USE_BUILD_INFO, 1) {
|
||||
@ -99,7 +100,7 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
|
||||
DEFINES += HAVE_BUILD_INFO
|
||||
}
|
||||
|
||||
QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter
|
||||
QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector
|
||||
|
||||
# Input
|
||||
DEPENDPATH += src src/json src/qt
|
||||
|
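Review bot: In the new `!win32` block the `--param ssp-buffer-size=1` part looks redundant: GCC documents that parameter as the buffer-size threshold used by plain `-fstack-protector`, while `-fstack-protector-all` instruments every function regardless of its buffers. Either drop it from both lines, e.g. `QMAKE_CXXFLAGS *= -fstack-protector-all`, or keep it and say why in the comment, e.g. `# ssp-buffer-size only takes effect if -all is ever relaxed to -fstack-protector`. The block also changes the scope from `!windows` to `!win32`, while the build.h block visible in the second hunk still tests `!windows`; if both are meant to select the same builds, one spelling throughout would be easier to audit. `-Wstack-protector` in the third hunk is added for every platform, so on the Windows build, where the protector stays off, it presumably reports nothing, and the warning list gives no hint that this binary is still built without canaries.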