c-compiler-security
Moar options!
-D_FORTIFY_SOURCE=3 exists now.
-ftrivial-auto-var-init=zero is in GCC 12+ and Clang.
-fsanitize=bounds -fsanitize-undefined-trap-on-error for trivial checking of known-size arrays.
-fstrict-flex-arrays will be in GCC 13+ and Clang 16+, but likely requires some very careful management of some header files, especially anything using the very ancient struct sockaddr. But it'll gain coverage of trailing arrays that would otherwise be ignored by FORTIFY and sanitize=bounds.
I updated the page for GCC 12; I still have to cover the modern versions of Clang.
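The trailing-array point in the issue, as an added example that is not part of the thread or of the project's own code: a probe that reports the size the compiler's object-size machinery (which FORTIFY relies on) assigns to three spellings of a trailing array. The struct and function names are constructed for illustration; the 14-byte member is sized like sa_data in struct sockaddr.

```c
/* Added example. Build twice and compare the output:
 *   cc -O2 probe.c && ./a.out
 *   cc -O2 -fstrict-flex-arrays=3 probe.c && ./a.out   (GCC 13+ / Clang 16+)
 * Without the flag, any trailing array may be treated as flexible, so its
 * size is reported as unknown. At level 3 only data[] is treated as
 * flexible, so data[1] and data[14] become bounded to their declared size. */
#include <stddef.h>
#include <stdio.h>

/* Constructed structs: three spellings of "trailing array". */
struct real_fam { size_t len; char data[];   };  /* C99 flexible array member */
struct one_elem { size_t len; char data[1];  };  /* pre-C99 idiom */
struct sized    { size_t len; char data[14]; };  /* fixed size, sockaddr-like */

/* noinline + pointer parameter: the compiler cannot see the allocation, so
 * the result depends only on how it classifies the trailing array. */
#define PROBE(name, type)                                 \
    __attribute__((noinline)) size_t name(type *p) {      \
        return __builtin_object_size(p->data, 1);         \
    }
PROBE(probe_real_fam, struct real_fam)
PROBE(probe_one_elem, struct one_elem)
PROBE(probe_sized,    struct sized)

/* (size_t)-1 is the builtin's "size unknown" answer: a fortified copy into
 * such a destination has no bound to check against. */
static const char *verdict(size_t bos, size_t declared) {
    if (bos == (size_t)-1) return "unknown (writes not bounded)";
    if (bos == declared)   return "bounded to declared size";
    return "bounded to some other size";
}

int main(void) {
    struct real_fam a = {0};
    struct one_elem b = {0};
    struct sized    c = {0};
    printf("data[]   : %s\n", verdict(probe_real_fam(&a), 0));
    printf("data[1]  : %s\n", verdict(probe_one_elem(&b), sizeof b.data));
    printf("data[14] : %s\n", verdict(probe_sized(&c), sizeof c.data));
    return 0;
}
```
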