Compiler guide: Add note about redefining default of FORTIFY_SOURCE #273
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
See also the findings in #270. |
thomasnyman
reviewed
Nov 1, 2023
| @@ -124,7 +124,7 @@ Table 2: Recommended compiler options that enable run-time protection mechanisms | |||
|
|
|||
| | Compiler Flag | Supported since | Description | | |||
| |:----------------------------------------------------------------------------------------- |:----------------------------------:|:-------------------------------------------------------------------------------------------- | | |||
| | [`-D_FORTIFY_SOURCE=3`](#-D_FORTIFY_SOURCE=3) <br/>(requires `-O1` or higher) | GCC 12.0<br/>Clang 9.0.0[^Guelton20] | Fortify sources with compile- and run-time checks for unsafe libc usage and buffer overflows. Some fortification levels can impact performance. | | |||
| | [`-D_FORTIFY_SOURCE=3`](#-D_FORTIFY_SOURCE=3) <br/>(requires `-O1` or higher, <br/> may require -U_FORTIFY_SOURCE) | GCC 12.0<br/>Clang 9.0.0[^Guelton20] | Fortify sources with compile- and run-time checks for unsafe libc usage and buffer overflows. Some fortification levels can impact performance. | | |||
There was a problem hiding this comment.
I'd prefer "may require prepending -U_FORTIFY_SOURCE" to avoid the interpretation that one should specify -D_FORTIFY_SOURCE=3 -U_FORTIFY_SOURCE
thomasnyman
reviewed
Nov 1, 2023
| @@ -267,6 +266,8 @@ To benefit from `_FORTIFY_SOURCE` checks following requirements must be met: | |||
|
|
|||
| If checks added by `_FORTIFY_SOURCE` detect unsafe behavior at run-time they will print an error message and terminate the application. | |||
|
|
|||
| A default mode for FORTIFY_SOURCE may be predefined for a given compiler, for instance gcc shipped with Ubuntu 22.04 uses FORTIFY_SOURCE=2 by default. If a mode of FORTIFY_SOURCE is set on the command line which differs from the default, the compiler warns about redefining the FORTIFY_SOURCE macro. To avoid this, the predefined mode can be unset with -U_FORTIFY_SOURCE before setting the desired value. | |||
There was a problem hiding this comment.
Nit: We are capitalizing GCC elsewhere in the guide.
In case a compiler uses a predefined default for FORTIFY_SOURCE and a different mode is set on the command line, a warning about redefining the macro is triggered. To avoid this, the default value of FORTIFY_SOURCE can be unset first before setting the desired value. Signed-off-by: Georg Kunz <[email protected]>
Signed-off-by: Georg Kunz <[email protected]>
gkunz
force-pushed
the
undefine-fortify-source
branch
from
f097d3b to
d6d8d23
Compare
david-a-wheeler
approved these changes
Nov 3, 2023
thomasnyman
approved these changes
Nov 7, 2023
|
lgtm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In case a compiler uses a predefined default for FORTIFY_SOURCE and a different mode is set on the command line, a warning about redefining the macro is triggered. To avoid this, the default value of FORTIFY_SOURCE can be unset first before setting the desired value.
Fixes #272