Add switches for Spectre variant 1 mitigation

author: Anatol Belski <ab@php.net> 2018-01-17 14:31:51 +0100
committer: Anatol Belski <ab@php.net> 2018-01-17 14:33:08 +0100
commit: 043d53c7891e7f9437221acaf0fe0fd09a318b41 (patch)
tree: 793297347ab6d4e3eb8eb0eb0ce858bc5e72efcd
parent: ea56fc840ef077b373c9a6e1d6cec348fc89d192 (diff)
download: php-git-043d53c7891e7f9437221acaf0fe0fd09a318b41.tar.gz
1 files changed, 13 insertions, 0 deletions
diff --git a/win32/build/confutils.js b/win32/build/confutils.js
index a75546c86c..d8a8e34307 100644
--- a/win32/build/confutils.js
+++ b/win32/build/confutils.js
@@ -3068,6 +3068,19 @@ function toolset_setup_common_cflags()
 			// Set some debug/release specific options
 			ADD_FLAG('CFLAGS', ' /RTC1 ');
 		} else {
+			if (PHP_DEBUG == "no" && PHP_SECURITY_FLAGS == "yes") {
+				/* Mitigations for Spectre variant 1, see
+					https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/ 
+					TODO backport for all supported VS versions when they release it. */
+				if (VCVERS >= 1912) {
+					if (VCVERS >= 1913) {
+						ADD_FLAG('CFLAGS', "/Qspectre");
+					} else {
+						/* Undocumented. */
+						ADD_FLAG('CFLAGS', "/d2guardspecload");
+					}
+				}
+			}
 			if (VCVERS >= 1900) {
 				if (PHP_SECURITY_FLAGS == "yes") {
 					ADD_FLAG('CFLAGS', "/guard:cf");
author	Anatol Belski <ab@php.net>	2018-01-17 14:31:51 +0100
committer	Anatol Belski <ab@php.net>	2018-01-17 14:33:08 +0100
commit	043d53c7891e7f9437221acaf0fe0fd09a318b41 (patch)
tree	793297347ab6d4e3eb8eb0eb0ce858bc5e72efcd
parent	ea56fc840ef077b373c9a6e1d6cec348fc89d192 (diff)
download	php-git-043d53c7891e7f9437221acaf0fe0fd09a318b41.tar.gz