From 0fa47e6453747e3ef4ab707a5bcb34980a465a75 Mon Sep 17 00:00:00 2001
From: Jann Horn <jann@thejh.net>
Date: Tue, 9 Jun 2015 20:40:36 +0200
Subject: [PATCH] add -fstack-check and hardening

---
 compile.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/compile.sh b/compile.sh
index b8e658e..9375a67 100755
--- a/compile.sh
+++ b/compile.sh
@@ -11,7 +11,8 @@ set -f -u -e -o pipefail
 # flags for the build - adjust for your needs
 # delete all the generated stuff afterwards (with `rm -r gen`)
 CC='gcc'
-CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native'
+# -fstack-check isn't just hardening - we do unbounded stack allocations in TPRINTF!
+CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native -fstack-check -fstack-protector-all -D_FORTIFY_SOURCE=2'
 
 # create build environment if it doesn't exist yet
 mkdir -p gen # contains all generated files
-- 
2.20.1