On 06.06.2014 11:40, Ján Tomko wrote:
This option only makes sense with -fstack-protector.
With -fstack-protector-all, even functions with buffers
smaller than this are protected.
https://bugzilla.redhat.com/show_bug.cgi?id=1105456
---
m4/virt-compile-warnings.m4 | 8 --------
1 file changed, 8 deletions(-)
diff --git a/m4/virt-compile-warnings.m4 b/m4/virt-compile-warnings.m4
index 574fbc4..ebc931d 100644
--- a/m4/virt-compile-warnings.m4
+++ b/m4/virt-compile-warnings.m4
@@ -171,14 +171,6 @@ AC_DEFUN([LIBVIRT_COMPILE_WARNINGS],[
dnl be great overhead in adding -fstack-protector-all instead
dnl wantwarn="$wantwarn -fstack-protector"
wantwarn="$wantwarn -fstack-protector-all"
- wantwarn="$wantwarn --param=ssp-buffer-size=4"
- dnl Even though it supports it, clang complains about
- dnl use of --param=ssp-buffer-size=4 unless used with
- dnl the -c arg. It doesn't like it when used with args
- dnl that just link together .o files. Unfortunately
- dnl we can't avoid that with automake, so we must turn
- dnl off the following clang specific warning
- wantwarn="$wantwarn -Wno-unused-command-line-argument"
;;
*-*-freebsd*)
dnl FreeBSD ships old gcc 4.2.1 which doesn't handle
From the gcc man page:
-fstack-protector
Emit extra code to check for buffer overflows, such as stack
smashing attacks. This is done by adding a guard variable to functions
with vulnerable objects. This includes functions that call "alloca",
and functions with buffers larger than 8 bytes. The guards are
initialized when a function is entered and then checked when the
function exits. If a guard check fails, an error message is printed and
the program exits.
-fstack-protector-all
Like -fstack-protector except that all functions are protected.
So when using -fstack-protector-all even functions with 4B buffers are
protected.
ACK
Michal