Mercurial > hg > bitcoin
changeset 3536:30ff51480e70 draft
Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)
This patch currently excludes our Windows executable!
- change to use -fstack-protector-all
- the minimum size of buffers (i.e. arrays) that will receive stack
smashing protection was changed to 1 byte (GCC default: 8)
- warn about functions that will not be protected against stack
smashing by adding -Wstack-protector
author | Philip Kaufmann <phil.kaufmann@t-online.de> |
---|---|
date | Mon, 16 Jul 2012 14:33:25 +0200 |
parents | 90d376b8d539 |
children | c66b3302cba7 |
files | bitcoin-qt.pro |
diffstat | 1 files changed, 8 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/bitcoin-qt.pro +++ b/bitcoin-qt.pro @@ -30,6 +30,13 @@ } } +!win32 { +# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection +QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 +QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 +# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable! +# This can be enabled for Windows, when we switch to MinGW >= 4.4.x. +} # for extra security on Windows: enable ASLR and DEP via GCC linker flags win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat @@ -82,12 +89,6 @@ QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets } -!windows { - # for extra security against potential buffer overflows - QMAKE_CXXFLAGS += -fstack-protector - QMAKE_LFLAGS += -fstack-protector - # do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable! -} # regenerate src/build.h !windows|contains(USE_BUILD_INFO, 1) { @@ -99,7 +100,7 @@ DEFINES += HAVE_BUILD_INFO } -QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter +QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector # Input DEPENDPATH += src src/json src/qt