aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilip Kaufmann <phil.kaufmann@t-online.de>2012-07-16 14:33:25 +0200
committerPhilip Kaufmann <phil.kaufmann@t-online.de>2012-09-22 12:28:39 +0200
commit807f3e83ba1c5299587c1c94555cd02f47dc2738 (patch)
tree8f7afff421ac7204754c3aa0bf36d4d246542f6c
parentf394f21594bed80366f1e4ce066b1ba4e60cd5fb (diff)
Bitcoin-Qt: expand GCC Stack-Smashing Protector usage (non Windows)
This patch currently excludes our Windows executable! - change to use -fstack-protector-all - the minimum size of buffers (i.e. arrays) that will receive stack smashing protection was changed to 1 byte (GCC default: 8) - warn about functions that will not be protected against stack smashing by adding -Wstack-protector
-rw-r--r--bitcoin-qt.pro15
1 files changed, 8 insertions, 7 deletions
diff --git a/bitcoin-qt.pro b/bitcoin-qt.pro
index ed2cfa8f77..c6ddc98ff4 100644
--- a/bitcoin-qt.pro
+++ b/bitcoin-qt.pro
@@ -30,6 +30,13 @@ contains(RELEASE, 1) {
}
}
+!win32 {
+# for extra security against potential buffer overflows: enable GCCs Stack Smashing Protection
+QMAKE_CXXFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
+QMAKE_LFLAGS *= -fstack-protector-all --param ssp-buffer-size=1
+# We need to exclude this for Windows cross compile with MinGW 4.2.x, as it will result in a non-working executable!
+# This can be enabled for Windows, when we switch to MinGW >= 4.4.x.
+}
# for extra security on Windows: enable ASLR and DEP via GCC linker flags
win32:QMAKE_LFLAGS *= -Wl,--dynamicbase -Wl,--nxcompat
@@ -82,12 +89,6 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
QTPLUGIN += qcncodecs qjpcodecs qtwcodecs qkrcodecs qtaccessiblewidgets
}
-!windows {
- # for extra security against potential buffer overflows
- QMAKE_CXXFLAGS += -fstack-protector
- QMAKE_LFLAGS += -fstack-protector
- # do not enable this on windows cross compile with mingw 4.2.x, as it will result in a non-working executable!
-}
# regenerate src/build.h
!windows|contains(USE_BUILD_INFO, 1) {
@@ -99,7 +100,7 @@ contains(BITCOIN_NEED_QT_PLUGINS, 1) {
DEFINES += HAVE_BUILD_INFO
}
-QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter
+QMAKE_CXXFLAGS_WARN_ON = -fdiagnostics-show-option -Wall -Wextra -Wformat -Wformat-security -Wno-unused-parameter -Wstack-protector
# Input
DEPENDPATH += src src/json src/qt