[PATCH] build: improve stack protector check
Jeremy Allison
jra at samba.org
Fri Sep 18 22:50:09 UTC 2015
On Fri, Sep 11, 2015 at 04:57:16PM -0300, Gustavo Zacarias wrote:
> Testing a toolchain for proper -fstack-protector must go beyond ensuring
> the compiler and linker accept the option.
> If the test C program does nothing with the stack then guards aren't
> inserted and/or are optimized away giving the false impression that it
> works when in fact the libc might not support it.
>
> Update the check to a program that uses the stack, hence making a link
> fail if proper support isn't available, for example in non-ssp enabled
> uclibc toolchains like this:
>
> test.c:(.text.startup+0x64): undefined reference to `__stack_chk_fail'
>
> Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
> ---
> buildtools/wafsamba/samba_autoconf.py | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
> index c5f132c..ef34b00 100644
> --- a/buildtools/wafsamba/samba_autoconf.py
> +++ b/buildtools/wafsamba/samba_autoconf.py
> @@ -657,9 +657,23 @@ def SAMBA_CONFIG_H(conf, path=None):
> if not IN_LAUNCH_DIR(conf):
> return
>
> - if conf.CHECK_CFLAGS(['-fstack-protector']) and conf.CHECK_LDFLAGS(['-fstack-protector']):
> - conf.ADD_CFLAGS('-fstack-protector')
> - conf.ADD_LDFLAGS('-fstack-protector')
> + # we need to build real code that can't be optimized away to test
> + if conf.check(fragment='''
> + #include <stdio.h>
> +
> + int main(void)
> + {
> + char t[100000];
> + while (fgets(t, sizeof(t), stdin));
> + return 0;
> + }
> + ''',
> + execute=0,
> + ccflags='-fstack-protector',
> + ldflags='-fstack-protector',
> + msg='Checking if toolchain accepts -fstack-protector'):
> + conf.ADD_CFLAGS('-fstack-protector')
> + conf.ADD_LDFLAGS('-fstack-protector')
>
> if Options.options.debug:
> conf.ADD_CFLAGS('-g', testflags=True)
> --
> 2.4.6
Reviewed-by: Jeremy Allison <jra at samba.org>
Can I get a second Team reviewer ?
Cheers,
Jeremy.
More information about the samba-technical
mailing list