diff options
author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2015-09-11 16:57:16 -0300 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2015-09-21 23:29:13 +0200 |
commit | 1399198d51d1f79ff99304369442e04c015eef23 (patch) | |
tree | 567cde34286b75eecbeb13519c59c6895ad90596 /buildtools | |
parent | b4747b6364d9c49a3f146800921c44b3c39f59d1 (diff) | |
download | samba-1399198d51d1f79ff99304369442e04c015eef23.tar.gz |
build: improve stack protector check
Testing a toolchain for proper -fstack-protector must go beyond ensuring
the compiler and linker accept the option.
If the test C program does nothing with the stack then guards aren't
inserted and/or are optimized away giving the false impression that it
works when in fact the libc might not support it.
Update the check to a program that uses the stack, hence making a link
fail if proper support isn't available, for example in non-ssp enabled
uclibc toolchains like this:
test.c:(.text.startup+0x64): undefined reference to `__stack_chk_fail'
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 21 23:29:13 CEST 2015 on sn-devel-104
Diffstat (limited to 'buildtools')
-rw-r--r-- | buildtools/wafsamba/samba_autoconf.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index c5f132cf17b..ef34b001b62 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -657,9 +657,23 @@ def SAMBA_CONFIG_H(conf, path=None): if not IN_LAUNCH_DIR(conf): return - if conf.CHECK_CFLAGS(['-fstack-protector']) and conf.CHECK_LDFLAGS(['-fstack-protector']): - conf.ADD_CFLAGS('-fstack-protector') - conf.ADD_LDFLAGS('-fstack-protector') + # we need to build real code that can't be optimized away to test + if conf.check(fragment=''' + #include <stdio.h> + + int main(void) + { + char t[100000]; + while (fgets(t, sizeof(t), stdin)); + return 0; + } + ''', + execute=0, + ccflags='-fstack-protector', + ldflags='-fstack-protector', + msg='Checking if toolchain accepts -fstack-protector'): + conf.ADD_CFLAGS('-fstack-protector') + conf.ADD_LDFLAGS('-fstack-protector') if Options.options.debug: conf.ADD_CFLAGS('-g', testflags=True) |