AFFLIBv3

configure.ac: Unconditionally defining _FORTIFY_SOURCE=2 overrides _FORTIFY_SOURCE=3

Open chrfranke opened this issue 1 year ago • 3 comments

Many recent distros provide GCC >= 12.0 which supports __builtin_dynamic_object_size(): https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html

This is used instead of __builtin_object_size() by newer CRT includes if _FORTIFY_SOURCE=3 is set.

Compiler presets or packaging support tools now often default to _FORTIFY_SOURCE=3 which would be downgraded by these lines of configure.ac:

CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -Wall -g"
CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=2 -Wall -g"

(A similar problem may be the -g which may override -ggdb)

chrfranke avatar Mar 26 '24 11:03 chrfranke

Hi Christian. Are you suggesting simply setting _FORTIFY_SOURCE to 3 and changing -g to -ggdb here in configure.ac?

That sounds fine and good to me, other than I'm not 100% sure the compiler must always be gcc, and if it were something else -ggdb wouldn't be valid.

sshock avatar Mar 28 '24 03:03 sshock

If downstream predefines certain *FLAGS, these should IMO always have preference.

Here is a working example for configure.ac which sets _FORTIFY_SOURCE=3 if not pre(un)defined. A full check, which also detects compiler presets (e.g. Ubuntu gcc), would require AC_COMPILE_IF_ELSE.

case " $CPPFLAGS $CFLAGS $CXXFLAGS " in
  *\ -[[DU]]_FORTIFY_SOURCE\ *|*\ -D_FORTIFY_SOURCE=*)
    ;; # _FORTIFY_SOURCE pre(un)defined (does not detect compiler presets)
  *)
    CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=3"
    CXXFLAGS="$CXXFLAGS -D_FORTIFY_SOURCE=3" ;;
esac

Another recommended security flag is -fstack-protector-strong (gcc >= 4.9). It is typically also preset on recent distributions.

At least in the ancient past (IIRC at least with the Solaris compiler), even -Wall was not portable. Here is an example which sets -Wall only for gcc/clang (GCC=yes in configure) and also sets -Werror=return-type for C++ only.

case "$GCC: $CFLAGS $CXXFLAGS " in
  :*|*\ -W*)
    ;; # No gcc/clang used or -W option(s) are predefined
  yes:*)
    CFLAGS="$CFLAGS -Wall"
    # Never ignore -Wreturn-type as g++ >= 8.0 assumes that control never
    # reaches the end of a non-void function.
    CXXFLAGS="$CXXFLAGS -Wall -Werror=return-type" ;;
esac

BTW, there is no need to set -g because configure already does this by default if the compiler supports it. It also adds -O2 for gcc/clang.

chrfranke avatar Mar 28 '24 10:03 chrfranke
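The check discussed above, written as plain shell with an extra preprocessor probe for compiler presets. This is an added example, not code from the thread or from AFFLIBv3; the function names are hypothetical, and the probe assumes a gcc/clang-style compiler that accepts `-E -dM -x c -`.

```shell
#!/bin/sh
# Outside configure.ac the bracket expression is written [DU]; the doubled
# [[DU]] is only needed there because m4 strips one level of quoting.

# explicit_fortify FLAGS...: succeeds if the flags already define or
# undefine _FORTIFY_SOURCE as a separate word. It does not match the
# comma form -Wp,-D_FORTIFY_SOURCE=3 and cannot see compiler presets.
explicit_fortify() {
  case " $* " in
    *\ -[DU]_FORTIFY_SOURCE\ *|*\ -D_FORTIFY_SOURCE=*) return 0 ;;
    *) return 1 ;;
  esac
}

# preset_fortify CC FLAGS...: succeeds if preprocessing an empty file with
# these flags leaves _FORTIFY_SOURCE defined, whether by a compiler preset
# or by a flag form the pattern above misses.
preset_fortify() {
  cc=$1; shift
  command -v "$cc" >/dev/null 2>&1 || return 1
  # $* is left unquoted on purpose so the flags split into words.
  echo | "$cc" $* -E -dM -x c - 2>/dev/null |
    grep -q '^#define _FORTIFY_SOURCE '
}

# fortify_default CC FLAGS...: prints the option to append, or nothing
# when downstream flags or the compiler have already decided.
fortify_default() {
  cc=$1; shift
  if explicit_fortify "$@"; then return 0; fi
  if preset_fortify "$cc" "$@"; then return 0; fi
  echo "-D_FORTIFY_SOURCE=3"
}

# Constructed sample flags; the result depends on the local compiler.
fortify_default "${CC:-cc}" "" "-O2 -g" "-O2 -g"
```
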

Could you provide a pull request?

sshock avatar Mar 30 '24 23:03 sshock