From 20c894d21eb64153abf7c7f96e6a151897cf1488 Mon Sep 17 00:00:00 2001 From: Frédéric Bérat Date: Fri, 17 Mar 2023 10:17:28 +0100 Subject: Exclude routines from fortification Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to be excluded from the fortification. On top of that: - some tests explicitly verify that some level of fortification works appropriately, we therefore shouldn't modify the level set for them. - some objects need to be build with optimization disabled, which prevents _FORTIFY_SOURCE to be used for them. Assembler files that implement architecture specific versions of the fortified routines were not excluded from _FORTIFY_SOURCE as there is no C header included that would impact their behavior. Reviewed-by: Siddhesh Poyarekar --- debug/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'debug') diff --git a/debug/Makefile b/debug/Makefile index 9d658e3002..434e52f780 100644 --- a/debug/Makefile +++ b/debug/Makefile @@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is: # CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables -CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1 -CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2 -CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2 +CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1 +CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 +CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2 # _FORTIFY_SOURCE tests. # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and @@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE # cannot be disabled via pragmas, so require -Wno-error to be used. define gen-chk-test tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4) -CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \ +CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \ -Wno-deprecated-declarations \ -Wno-error $(eval $(call cflags-$(2),$(1),$(3),$(4))) -- cgit 1.4.1