diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-07-16 14:33:25 +0200 |
---|---|---|
committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2012-09-22 12:28:39 +0200 |
commit | 807f3e83ba1c5299587c1c94555cd02f47dc2738 (patch) | |
tree | 8f7afff421ac7204754c3aa0bf36d4d246542f6c | |
parent | f394f21594bed80366f1e4ce066b1ba4e60cd5fb (diff) |
Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)
This patch currently excludes our Windows executable!
- change to use -fstack-protector-all
- the minimum size of buffers (i.e. arrays) that will receive stack
smashing protection was changed to 1 byte (GCC default: 8)
- warn about functions that will not be protected against stack
smashing by adding -Wstack-protector
-rw-r--r-- | bitcoin-qt.pro | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/bitcoin-qt.pro b/bitcoin-qt.pro index ed2cfa8f77..c6ddc98ff4 100644 --- a/bitcoin-qt.pro +++ b/bitcoin-qt.pro @@ -30,6 +30,13 @@ contains(RELEASE, 1) { } } +!win32 { +# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection +QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 +QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1 +# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable! +# This can be enabled for Windows, when we switch to MinGW >= 4.4.x. +} # for extra security on Windows: enable ASLR and DEP via GCC linker flags win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat @@ -82,12 +89,6 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) { QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets } -!windows { - # for extra security against potential buffer overflows - QMAKE_CXXFLAGS += -fstack-protector - QMAKE_LFLAGS += -fstack-protector - # do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable! -} # regenerate src/build.h !windows|contains(USE_BUILD_INFO, 1) { @@ -99,7 +100,7 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) { DEFINES += HAVE_BUILD_INFO } -QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter +QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector # Input DEPENDPATH += src src/json src/qt |