From: Jann Horn <jann@thejh.net>
Date: Tue, 9 Jun 2015 18:40:36 +0000 (+0200)
Subject: add -fstack-check and hardening
X-Git-Url: http://git.thejh.net/?p=libjh.git;a=commitdiff_plain;h=0fa47e6453747e3ef4ab707a5bcb34980a465a75;hp=c5c85660f673e4324563a486a6463074f9f5eff8

add -fstack-check and hardening
---

diff --git a/compile.sh b/compile.sh
index b8e658e..9375a67 100755
--- a/compile.sh
+++ b/compile.sh
@@ -11,7 +11,8 @@ set -f -u -e -o pipefail
 # flags for the build - adjust for your needs
 # delete all the generated stuff afterwards (with `rm -r gen`)
 CC='gcc'
-CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native'
+# -fstack-check isn't just hardening - we do unbounded stack allocations in TPRINTF!
+CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native -fstack-check -fstack-protector-all -D_FORTIFY_SOURCE=2'
 
 # create build environment if it doesn't exist yet
 mkdir -p gen # contains all generated files