forked from openkylin/platform_build
Enable -fstack-protector-strong for x86.
This results in nearly all functions with the possibility of stack corruption getting stack canaries, because it applies to any function taking a reference to the frame or with a local array rather than just the functions with arrays larger than 8 bytes. It was developed for use in Chrome (and Chrome OS) and has also been adopted by various other distributions (Arch, Fedora, Ubuntu, etc). The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to ~0.7% with the more conservative switch. The increase in the performance loss is usually minimal. The overall size increase once everything other than C and C++ code is taken into account is minimal, and it greatly improves the mitigation of stack buffer overflow vulnerabilities. https://lwn.net/Articles/584225/ Change-Id: I55a9fdbf5777ccdeed9f2e9a23c73bb94ad7b646
This commit is contained in:
Elliott Hughes
parent
eca3206abb
commit
8ebc4d6aab
|
|
@ -94,7 +94,7 @@ $(combo_2nd_arch_prefix)TARGET_GLOBAL_CFLAGS += \
|
||||||
-fstrict-aliasing \
|
-fstrict-aliasing \
|
||||||
-funswitch-loops \
|
-funswitch-loops \
|
||||||
-funwind-tables \
|
-funwind-tables \
|
||||||
-fstack-protector \
|
-fstack-protector-strong \
|
||||||
-m32 \
|
-m32 \
|
||||||
-no-canonical-prefixes \
|
-no-canonical-prefixes \
|
||||||
-fno-canonical-system-headers \
|
-fno-canonical-system-headers \
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue