From 1c236e9c2546d70da34ca8a22eb44daca65a824c Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Wed, 21 Mar 2007 14:52:12 +0000 Subject: [PATCH] Enable compiler stack protection flags --- ChangeLog | 7 ++++++ acinclude.m4 | 61 +++++++++++++++++++++++++--------------------------- 2 files changed, 36 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1132030a17..7356eda5f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +Wed Mar 21 10:52:06 EST 2007 Daniel P. Berrange + + * acinclude.m4: Always use -Wp,-D_FORTIFY_SOURCE=2 -fexceptions + -fstack-protector --param=ssp-buffer-size=4 + -fasynchronous-unwind-tables if supported by the compiler. Check + all warnings flags for compiler support + Tue Mar 20 10:00:06 EST 2007 Daniel P. Berrange * qemud/conf.c: Fixed buffer overflow in code building up diff --git a/acinclude.m4 b/acinclude.m4 index b59f94c4eb..54da009f64 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -12,57 +12,54 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ AC_ARG_ENABLE(compile-warnings, AC_HELP_STRING([--enable-compile-warnings=@<:@no/minimum/yes/maximum/error@:>@], [Turn on compiler warnings]),, - [enable_compile_warnings="m4_default([$1],[yes])"]) + [enable_compile_warnings="m4_default([$1],[maximum])"]) warnCFLAGS= - if test "x$GCC" != xyes; then - enable_compile_warnings=no - fi - warning_flags= - realsave_CFLAGS="$CFLAGS" + try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables" case "$enable_compile_warnings" in no) - warning_flags= ;; minimum) - warning_flags="-Wall" + try_compiler_flags="$try_compiler_flags -Wall" ;; yes) - warning_flags="-Wall -Wmissing-prototypes" + try_compiler_flags="$try_compiler_flags -Wall -Wmissing-prototypes" ;; maximum|error) - warning_flags="-Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith" - warning_flags="$warning_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Winline -Wredundant-decls" - CFLAGS="$warning_flags $CFLAGS" - for option in -Wno-sign-compare; do - SAVE_CFLAGS="$CFLAGS" - CFLAGS="$CFLAGS $option" - AC_MSG_CHECKING([whether gcc understands $option]) - AC_TRY_COMPILE([], [], - has_option=yes, - has_option=no,) - CFLAGS="$SAVE_CFLAGS" - AC_MSG_RESULT($has_option) - if test $has_option = yes; then - warning_flags="$warning_flags $option" - fi - unset has_option - unset SAVE_CFLAGS - done - unset option + try_compiler_flags="$try_compiler_flags -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith" + try_compiler_flags="$try_compiler_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return" + try_compiler_falgs="$try_compiler_flags -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare" if test "$enable_compile_warnings" = "error" ; then - warning_flags="$warning_flags -Werror" + try_compiler_flags="$try_compiler_flags -Werror" fi ;; *) AC_MSG_ERROR(Unknown argument '$enable_compile_warnings' to --enable-compile-warnings) ;; esac + + compiler_flags= + for option in $try_compiler_flags; do + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $option" + AC_MSG_CHECKING([whether gcc understands $option]) + AC_TRY_COMPILE([], [], + has_option=yes, + has_option=no,) + CFLAGS="$SAVE_CFLAGS" + AC_MSG_RESULT($has_option) + if test $has_option = yes; then + compiler_flags="$compiler_flags $option" + fi + unset has_option + unset SAVE_CFLAGS + done + unset option + unset try_compiler_flags + CFLAGS="$realsave_CFLAGS" - AC_MSG_CHECKING(what warning flags to pass to the C compiler) - AC_MSG_RESULT($warning_flags) AC_ARG_ENABLE(iso-c, AC_HELP_STRING([--enable-iso-c], @@ -85,6 +82,6 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[ fi AC_MSG_RESULT($complCFLAGS) - WARN_CFLAGS="$warning_flags $complCFLAGS" + WARN_CFLAGS="$compiler_flags $complCFLAGS" AC_SUBST(WARN_CFLAGS) ]) -- GitLab