Enable -fstack-protector-strong for arm.

This results in nearly all functions with the possibility of stack corruption getting stack canaries, because it applies to any function taking a reference to the frame or with a local array rather than just the functions with arrays larger than 8 bytes. It was developed for use in Chrome (and Chrome OS) and has also been adopted by various other distributions (Arch, Fedora, Ubuntu, etc).

The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to ~0.7% with the more conservative switch. The increase in the performance loss is usually minimal.

The overall size increase once everything other than C and C++ code is taken into account is minimal, and it greatly improves the mitigation of stack buffer overflow vulnerabilities.

https://lwn.net/Articles/584225/

Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
		| @@ -101,7 +101,7 @@ $(combo_2nd_arch_prefix)TARGET_GLOBAL_CFLAGS += \ | ||||
| 			-ffunction-sections \ | ||||
| 			-fdata-sections \ | ||||
| 			-funwind-tables \ | ||||
| 			-fstack-protector \ | ||||
| 			-fstack-protector-strong \ | ||||
| 			-Wa,--noexecstack \ | ||||
| 			-Werror=format-security \ | ||||
| 			-D_FORTIFY_SOURCE=2 \ | ||||
|   | ||||
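Review bot: -fstack-protector-strong replaces -fstack-protector unconditionally in TARGET_GLOBAL_CFLAGS, and the option only exists from GCC 4.9 onward (older compilers reject it as an unrecognized option), so it is worth confirming that every arm toolchain this makefile is used with accepts it, or guarding the flag with a compiler version check. The commit message quotes code-size ranges without saying which build they were measured on; a before-and-after size comparison for this tree would make the cost easier to judge.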