From 7142562310e631156d1f64aff22f068ae2c48a5e Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Fri, 19 Feb 2021 09:11:02 +0100 Subject: [PATCH] Everywhere: Build with -fstack-clash-protection This option causes GCC to generate code to prevent "stack clash" style attacks where a very large stack allocation is used in to jump over the stack guard page and into whatever's next to it. --- CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index d810dd4cc50de4..8681ca45579afa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -154,6 +154,7 @@ set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now") set(CMAKE_SKIP_RPATH TRUE) add_compile_options(-Os -g1 -fno-exceptions -fstack-protector-strong -Wno-address-of-packed-member -Wundef -Wcast-qual -Wwrite-strings -Wimplicit-fallthrough -Wno-nonnull-compare -Wno-deprecated-copy -Wno-expansion-to-defined) +add_compile_options(-fstack-clash-protection) add_compile_options(-ffile-prefix-map=${CMAKE_SOURCE_DIR}=.) add_compile_definitions(DEBUG SANITIZE_PTRS)