Everywhere: Build with -fstack-clash-protection

This option causes GCC to generate code to prevent "stack clash" style attacks where a very large stack allocation is used in to jump over the stack guard page and into whatever's next to it.
SerenityOS · Feb 19, 2021 · 7142562 · 7142562
1 parent 1e6d04c
commit 7142562
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -154,6 +154,7 @@ set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now")
 set(CMAKE_SKIP_RPATH TRUE)
 
 add_compile_options(-Os -g1 -fno-exceptions -fstack-protector-strong -Wno-address-of-packed-member -Wundef -Wcast-qual -Wwrite-strings -Wimplicit-fallthrough -Wno-nonnull-compare -Wno-deprecated-copy -Wno-expansion-to-defined)
+add_compile_options(-fstack-clash-protection)
 add_compile_options(-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.)
 
 add_compile_definitions(DEBUG SANITIZE_PTRS)