Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)

This patch currently excludes our Windows executable!

- change to use -fstack-protector-all
- the minimum size of buffers (i.e. arrays) that will receive stack
  smashing protection was changed to 1 byte (GCC default: 8)
- warn about functions that will not be protected against stack
  smashing by adding -Wstack-protector
This commit is contained in:
Philip Kaufmann 2012-07-16 14:33:25 +02:00
parent f394f21594
commit 807f3e83ba

View File

@ -30,6 +30,13 @@ contains(RELEASE, 1) {
}
}
!win32 {
# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection
QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
# This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
}
# for extra security on Windows: enable ASLR and DEP via GCC linker flags
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat
@ -82,12 +89,6 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets
}
!windows {
# for extra security against potential buffer overflows
QMAKE_CXXFLAGS += -fstack-protector
QMAKE_LFLAGS += -fstack-protector
# do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable!
}
# regenerate src/build.h
!windows|contains(USE_BUILD_INFO, 1) {
@ -99,7 +100,7 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
DEFINES += HAVE_BUILD_INFO
}
QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter
QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector
# Input
DEPENDPATH += src src/json src/qt