diff options
| author | rubidium <rubidium@openttd.org> | 2012-07-22 05:33:09 +0000 |
|---|---|---|
| committer | rubidium <rubidium@openttd.org> | 2012-07-22 05:33:09 +0000 |
| commit | 990c9f8a7f4371e59218f7c08a905cf9b3acd708 (patch) | |
| tree | bed36df0976cc13f591d6fdc0d451c421a2c2324 | |
| parent | 3202b09b120fa499be404047f95fe2cfb275e3cc (diff) | |
| download | openttd-990c9f8a7f4371e59218f7c08a905cf9b3acd708.tar.xz | |
(svn r24429) -Change: add some hardening flags to the compiler for release builds
| -rw-r--r-- | config.lib | 22 | ||||
| -rw-r--r-- | src/depend/depend.cpp | 5 |
2 files changed, 18 insertions, 9 deletions
diff --git a/config.lib b/config.lib index 36e0aacf0..f4e0da9e3 100644 --- a/config.lib +++ b/config.lib @@ -1302,8 +1302,8 @@ make_compiler_cflags() { flags="$flags -Wall -Wno-multichar -Wsign-compare -Wundef" flags="$flags -Wwrite-strings -Wpointer-arith" - flags="$flags -W -Wno-unused-parameter -Wformat=2" - flags="$flags -Wredundant-decls" + flags="$flags -W -Wno-unused-parameter -Wredundant-decls" + flags="$flags -Wformat=2 -Wformat-security -Werror=format-security" if [ $enable_assert -eq 0 ]; then # Do not warn about unused variables when building without asserts @@ -1427,12 +1427,6 @@ make_cflags_and_ldflags() { # Each debug level reduces the optimization by a bit if [ $enable_debug -ge 1 ]; then CFLAGS="$CFLAGS -g -D_DEBUG" - if basename "$cc_host" | grep "gcc" &>/dev/null; then - # Define only when compiling with GCC, some - # GLIBC versions use GNU extensions in a way - # that breaks build with at least ICC - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" - fi if [ "$os" = "PSP" ]; then CFLAGS="$CFLAGS -G0" fi @@ -1447,6 +1441,18 @@ make_cflags_and_ldflags() { fi fi + if [ $enable_debug -le 2 ]; then + if basename "$cc_host" | grep "gcc" &>/dev/null; then + # Define only when compiling with GCC. Some GLIBC versions use GNU + # extensions in a way that breaks build with at least ICC. + # This requires -O1 or more, so debug level 3 (-O0) is excluded. + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2" + + # Just add -O1 to the tools needed for building. + CFLAGS_BUILD="$CFLAGS_BUILD -D_FORTIFY_SOURCE=2 -O1" + fi + fi + if [ "$os" = "OSX" ] && [ $cc_version -eq 40 ]; then # Apple's GCC 4.0 has a compiler bug for x86_64 with (higher) optimization, # wrongly optimizing ^= in loops. This disables the failing optimisation. diff --git a/src/depend/depend.cpp b/src/depend/depend.cpp index 67ceec25f..4d5ef35f3 100644 --- a/src/depend/depend.cpp +++ b/src/depend/depend.cpp @@ -910,7 +910,10 @@ int main(int argc, char *argv[]) size = ftell(src); rewind(src); content = (char*)malloc(size * sizeof(*content)); - fread(content, 1, size, src); + if (fread(content, 1, size, src) != (size_t)size) { + fprintf(stderr, "Could not read %s\n", filename); + exit(-2); + } fclose(src); } |