git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b4747b6)
build: improve stack protector check
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Fri, 11 Sep 2015 19:57:16 +0000 (16:57 -0300)
committerJeremy Allison <jra@samba.org>
Mon, 21 Sep 2015 21:29:13 +0000 (23:29 +0200)
Testing a toolchain for proper -fstack-protector must go beyond ensuring
the compiler and linker accept the option.
If the test C program does nothing with the stack then guards aren't
inserted and/or are optimized away giving the false impression that it
works when in fact the libc might not support it.

Update the check to a program that uses the stack, hence making a link
fail if proper support isn't available, for example in non-ssp enabled
uclibc toolchains like this:

test.c:(.text.startup+0x64): undefined reference to `__stack_chk_fail'

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 21 23:29:13 CEST 2015 on sn-devel-104

buildtools/wafsamba/samba_autoconf.py patch | blob | history

diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index c5f132cf17b48a3483342671cba79727bc3f4c91..ef34b001b6281e98606c15d61b68e5843074f7f6 100644 (file)
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -657,9 +657,23 @@ def SAMBA_CONFIG_H(conf, path=None):
     if not IN_LAUNCH_DIR(conf):
         return
 
-    if conf.CHECK_CFLAGS(['-fstack-protector']) and conf.CHECK_LDFLAGS(['-fstack-protector']):
-        conf.ADD_CFLAGS('-fstack-protector')
-        conf.ADD_LDFLAGS('-fstack-protector')
+    # we need to build real code that can't be optimized away to test
+    if conf.check(fragment='''
+        #include <stdio.h>
+
+        int main(void)
+        {
+            char t[100000];
+            while (fgets(t, sizeof(t), stdin));
+            return 0;
+        }
+        ''',
+        execute=0,
+        ccflags='-fstack-protector',
+        ldflags='-fstack-protector',
+        msg='Checking if toolchain accepts -fstack-protector'):
+            conf.ADD_CFLAGS('-fstack-protector')
+            conf.ADD_LDFLAGS('-fstack-protector')
 
     if Options.options.debug:
         conf.ADD_CFLAGS('-g', testflags=True)
Michael's Samba GIT