Use _FORTIFY_SOURCE=3 and put it behind a build flag

2024-05-14 09:22:45 +12:00 · 2024-01-08 13:19:16 +01:00 · 2024-01-08 13:19:16 +01:00 · 19c6099c7c
parent 36842a3bcc
commit 19c6099c7c
3 changed files with 15 additions and 2 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -41,6 +41,7 @@ option(BTOP_LTO "Enable LTO" ON)
 option(BTOP_USE_MOLD "Use mold to link btop" OFF)
 option(BTOP_PEDANTIC "Enable a bunch of additional warnings" OFF)
 option(BTOP_WERROR "Compile with warnings as errors" OFF)
+option(BTOP_FORTIFY "Detect buffer overflows with _FORTIFY_SOURCE=3" ON)
 option(BTOP_GPU "Enable GPU support" ON)
 cmake_dependent_option(BTOP_RSMI_STATIC "Link statically to ROCm SMI" OFF "BTOP_GPU" OFF)

@ -112,7 +113,7 @@ target_compile_definitions(btop PRIVATE
  _FILE_OFFSET_BITS=64
  $<$<CONFIG:Debug>:_GLIBCXX_ASSERTIONS _LIBCPP_ENABLE_ASSERTIONS=1>
  # Only has an effect with optimizations enabled
-  $<$<NOT:$<CONFIG:Debug>>:_FORTIFY_SOURCE=2>
+  $<$<AND:$<NOT:$<CONFIG:Debug>>,$<BOOL:${BTOP_FORTIFY}>>:_FORTIFY_SOURCE=3>
 )

 target_include_directories(btop SYSTEM PRIVATE include)
--- a/7
+++ b/7
@ -50,6 +50,11 @@ ifeq ($(GPU_SUPPORT),true)
 	override ADDFLAGS += -DGPU_SUPPORT
 endif

+FORTIFY_SOURCE ?= true
+ifeq ($(FORTIFY_SOURCE),true)
+	override ADDFLAGS += -D_FORTIFY_SOURCE=3
+endif
+
 #? Compiler and Linker
 ifeq ($(shell $(CXX) --version | grep clang >/dev/null 2>&1; echo $$?),0)
 	override CXX_IS_CLANG := true
@ -174,7 +179,7 @@ override GOODFLAGS := $(foreach flag,$(TESTFLAGS),$(strip $(shell echo "int main
 override REQFLAGS   := -std=c++20
 WARNFLAGS			:= -Wall -Wextra -pedantic
 OPTFLAGS			:= -O2 -ftree-vectorize -flto=$(LTO)
-LDCXXFLAGS			:= -pthread -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -D_FILE_OFFSET_BITS=64 $(GOODFLAGS) $(ADDFLAGS)
+LDCXXFLAGS			:= -pthread -D_GLIBCXX_ASSERTIONS -D_FILE_OFFSET_BITS=64 $(GOODFLAGS) $(ADDFLAGS)
 override CXXFLAGS	+= $(REQFLAGS) $(LDCXXFLAGS) $(OPTFLAGS) $(WARNFLAGS)
 override LDFLAGS	+= $(LDCXXFLAGS) $(OPTFLAGS) $(WARNFLAGS)
 INC					:= $(foreach incdir,$(INCDIRS),-isystem $(incdir)) -I$(SRCDIR)
--- a/README.md
+++ b/README.md
@ -405,6 +405,7 @@ Also needs a UTF8 locale and a font that covers:
   | `STRIP=true`                    | To force stripping of debug symbols (adds `-s` linker flag)             |
   | `DEBUG=true`                    | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging        |
   | `ARCH=<architecture>`           | To manually set the target architecture                                 |
+   | `FORTIFY_SOURCE=false`          | Disable fortification with `_FORTIFY_SOURCE=3`                          |
   | `GPU_SUPPORT=<true\|false>`     | Enable/disable GPU support (Enabled by default on X86_64 Linux)         |
   | `RSMI_STATIC=true`              | To statically link the ROCm SMI library used for querying AMDGPU        |
   | `ADDFLAGS=<flags>`              | For appending flags to both compiler and linker                         |
@ -503,6 +504,7 @@ Also needs a UTF8 locale and a font that covers:
   | `-DBTOP_USE_MOLD=<ON\|OFF>`     | Use mold to link btop (OFF by default)                                  |
   | `-DBTOP_PEDANTIC=<ON\|OFF>`     | Compile with additional warnings (OFF by default)                       |
   | `-DBTOP_WERROR=<ON\|OFF>`       | Compile with warnings as errors (OFF by default)                        |
+   | `-DBTOP_FORTIFY=<ON\|OFF>`      | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default)        |
   | `-DBTOP_GPU=<ON\|OFF>`          | Enable GPU support (ON by default)                                      |
   | `-DBTOP_RSMI_STATIC=<ON\|OFF>`  | Build and link the ROCm SMI library statically (OFF by default)         |
   | `-DCMAKE_INSTALL_PREFIX=<path>` | The installation prefix ('/usr/local' by default)                       |
@ -576,6 +578,7 @@ Also needs a UTF8 locale and a font that covers:
   | `STRIP=true`                    | To force stripping of debug symbols (adds `-s` linker flag)             |
   | `DEBUG=true`                    | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging        |
   | `ARCH=<architecture>`           | To manually set the target architecture                                 |
+   | `FORTIFY_SOURCE=false`          | Disable fortification with `_FORTIFY_SOURCE=3`                          |
   | `ADDFLAGS=<flags>`              | For appending flags to both compiler and linker                         |
   | `CXX=<compiler>`                | Manualy set which compiler to use                                       |

@ -674,6 +677,7 @@ Also needs a UTF8 locale and a font that covers:
   | `-DBTOP_USE_MOLD=<ON\|OFF>`     | Use mold to link btop (OFF by default)                                  |
   | `-DBTOP_PEDANTIC=<ON\|OFF>`     | Compile with additional warnings (OFF by default)                       |
   | `-DBTOP_WERROR=<ON\|OFF>`       | Compile with warnings as errors (OFF by default)                        |
+   | `-DBTOP_FORTIFY=<ON\|OFF>`      | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default)        |
   | `-DCMAKE_INSTALL_PREFIX=<path>` | The installation prefix ('/usr/local' by default)                       |

   To force any specific compiler, run `CXX=<compiler> cmake -B build -G Ninja`
@ -742,6 +746,7 @@ Also needs a UTF8 locale and a font that covers:
   | `STRIP=true`                    | To force stripping of debug symbols (adds `-s` linker flag)             |
   | `DEBUG=true`                    | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging        |
   | `ARCH=<architecture>`           | To manually set the target architecture                                 |
+   | `FORTIFY_SOURCE=false`          | Disable fortification with `_FORTIFY_SOURCE=3`                          |
   | `ADDFLAGS=<flags>`              | For appending flags to both compiler and linker                         |
   | `CXX=<compiler>`                | Manualy set which compiler to use                                       |

@ -851,6 +856,7 @@ Also needs a UTF8 locale and a font that covers:
   | `-DBTOP_USE_MOLD=<ON\|OFF>`     | Use mold to link btop (OFF by default)                                  |
   | `-DBTOP_PEDANTIC=<ON\|OFF>`     | Compile with additional warnings (OFF by default)                       |
   | `-DBTOP_WERROR=<ON\|OFF>`       | Compile with warnings as errors (OFF by default)                        |
+   | `-DBTOP_FORTIFY=<ON\|OFF>`      | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default)        |
   | `-DCMAKE_INSTALL_PREFIX=<path>` | The installation prefix ('/usr/local' by default)                       |

   _**Note:** Static linking does not work with GCC._
@ -921,6 +927,7 @@ Also needs a UTF8 locale and a font that covers:
   | `STRIP=true`                    | To force stripping of debug symbols (adds `-s` linker flag)             |
   | `DEBUG=true`                    | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging        |
   | `ARCH=<architecture>`           | To manually set the target architecture                                 |
+   | `FORTIFY_SOURCE=false`          | Disable fortification with `_FORTIFY_SOURCE=3`                          |
   | `ADDFLAGS=<flags>`              | For appending flags to both compiler and linker                         |
   | `CXX=<compiler>`                | Manualy set which compiler to use                                       |