add -fstack-check and hardening

author Jann Horn <jann@thejh.net>

Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)

committer Jann Horn <jann@thejh.net>

Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)
author Jann Horn <jann@thejh.net>
Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)
committer Jann Horn <jann@thejh.net>
Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)
diff --git a/compile.sh b/compile.sh

index b8e658e..9375a67 100755 (executable)
--- a/compile.sh
+++ b/compile.sh
@@ -11,7 +11,8 @@ set -f -u -e -o pipefail
  # flags for the build - adjust for your needs
  # delete all the generated stuff afterwards (with `rm -r gen`)
  CC='gcc'
-CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native'
+# -fstack-check isn't just hardening - we do unbounded stack allocations in TPRINTF!
+CFLAGS='-O3 -Wall -Werror -Wno-error=strict-aliasing -fPIC -std=c99 -march=native -fstack-check -fstack-protector-all -D_FORTIFY_SOURCE=2'
  
  # create build environment if it doesn't exist yet
  mkdir -p gen # contains all generated files
author	Jann Horn <jann@thejh.net>
	Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)
committer	Jann Horn <jann@thejh.net>
	Tue, 9 Jun 2015 18:40:36 +0000 (20:40 +0200)