From 19c6099c7c48efd85959bed7391a19449091f9bb Mon Sep 17 00:00:00 2001 From: Steffen Winter Date: Mon, 8 Jan 2024 13:19:16 +0100 Subject: [PATCH] Use _FORTIFY_SOURCE=3 and put it behind a build flag --- CMakeLists.txt | 3 ++- Makefile | 7 ++++++- README.md | 7 +++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 3f8c546..2480efb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -41,6 +41,7 @@ option(BTOP_LTO "Enable LTO" ON) option(BTOP_USE_MOLD "Use mold to link btop" OFF) option(BTOP_PEDANTIC "Enable a bunch of additional warnings" OFF) option(BTOP_WERROR "Compile with warnings as errors" OFF) +option(BTOP_FORTIFY "Detect buffer overflows with _FORTIFY_SOURCE=3" ON) option(BTOP_GPU "Enable GPU support" ON) cmake_dependent_option(BTOP_RSMI_STATIC "Link statically to ROCm SMI" OFF "BTOP_GPU" OFF) @@ -112,7 +113,7 @@ target_compile_definitions(btop PRIVATE _FILE_OFFSET_BITS=64 $<$:_GLIBCXX_ASSERTIONS _LIBCPP_ENABLE_ASSERTIONS=1> # Only has an effect with optimizations enabled - $<$>:_FORTIFY_SOURCE=2> + $<$>,$>:_FORTIFY_SOURCE=3> ) target_include_directories(btop SYSTEM PRIVATE include) diff --git a/Makefile b/Makefile index 36e2ea1..36153a3 100644 --- a/Makefile +++ b/Makefile @@ -50,6 +50,11 @@ ifeq ($(GPU_SUPPORT),true) override ADDFLAGS += -DGPU_SUPPORT endif +FORTIFY_SOURCE ?= true +ifeq ($(FORTIFY_SOURCE),true) + override ADDFLAGS += -D_FORTIFY_SOURCE=3 +endif + #? Compiler and Linker ifeq ($(shell $(CXX) --version | grep clang >/dev/null 2>&1; echo $$?),0) override CXX_IS_CLANG := true @@ -174,7 +179,7 @@ override GOODFLAGS := $(foreach flag,$(TESTFLAGS),$(strip $(shell echo "int main override REQFLAGS := -std=c++20 WARNFLAGS := -Wall -Wextra -pedantic OPTFLAGS := -O2 -ftree-vectorize -flto=$(LTO) -LDCXXFLAGS := -pthread -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS -D_FILE_OFFSET_BITS=64 $(GOODFLAGS) $(ADDFLAGS) +LDCXXFLAGS := -pthread -D_GLIBCXX_ASSERTIONS -D_FILE_OFFSET_BITS=64 $(GOODFLAGS) $(ADDFLAGS) override CXXFLAGS += $(REQFLAGS) $(LDCXXFLAGS) $(OPTFLAGS) $(WARNFLAGS) override LDFLAGS += $(LDCXXFLAGS) $(OPTFLAGS) $(WARNFLAGS) INC := $(foreach incdir,$(INCDIRS),-isystem $(incdir)) -I$(SRCDIR) diff --git a/README.md b/README.md index 0b351a2..827f3a3 100644 --- a/README.md +++ b/README.md @@ -405,6 +405,7 @@ Also needs a UTF8 locale and a font that covers: | `STRIP=true` | To force stripping of debug symbols (adds `-s` linker flag) | | `DEBUG=true` | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging | | `ARCH=` | To manually set the target architecture | + | `FORTIFY_SOURCE=false` | Disable fortification with `_FORTIFY_SOURCE=3` | | `GPU_SUPPORT=` | Enable/disable GPU support (Enabled by default on X86_64 Linux) | | `RSMI_STATIC=true` | To statically link the ROCm SMI library used for querying AMDGPU | | `ADDFLAGS=` | For appending flags to both compiler and linker | @@ -503,6 +504,7 @@ Also needs a UTF8 locale and a font that covers: | `-DBTOP_USE_MOLD=` | Use mold to link btop (OFF by default) | | `-DBTOP_PEDANTIC=` | Compile with additional warnings (OFF by default) | | `-DBTOP_WERROR=` | Compile with warnings as errors (OFF by default) | + | `-DBTOP_FORTIFY=` | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default) | | `-DBTOP_GPU=` | Enable GPU support (ON by default) | | `-DBTOP_RSMI_STATIC=` | Build and link the ROCm SMI library statically (OFF by default) | | `-DCMAKE_INSTALL_PREFIX=` | The installation prefix ('/usr/local' by default) | @@ -576,6 +578,7 @@ Also needs a UTF8 locale and a font that covers: | `STRIP=true` | To force stripping of debug symbols (adds `-s` linker flag) | | `DEBUG=true` | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging | | `ARCH=` | To manually set the target architecture | + | `FORTIFY_SOURCE=false` | Disable fortification with `_FORTIFY_SOURCE=3` | | `ADDFLAGS=` | For appending flags to both compiler and linker | | `CXX=` | Manualy set which compiler to use | @@ -674,6 +677,7 @@ Also needs a UTF8 locale and a font that covers: | `-DBTOP_USE_MOLD=` | Use mold to link btop (OFF by default) | | `-DBTOP_PEDANTIC=` | Compile with additional warnings (OFF by default) | | `-DBTOP_WERROR=` | Compile with warnings as errors (OFF by default) | + | `-DBTOP_FORTIFY=` | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default) | | `-DCMAKE_INSTALL_PREFIX=` | The installation prefix ('/usr/local' by default) | To force any specific compiler, run `CXX= cmake -B build -G Ninja` @@ -742,6 +746,7 @@ Also needs a UTF8 locale and a font that covers: | `STRIP=true` | To force stripping of debug symbols (adds `-s` linker flag) | | `DEBUG=true` | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging | | `ARCH=` | To manually set the target architecture | + | `FORTIFY_SOURCE=false` | Disable fortification with `_FORTIFY_SOURCE=3` | | `ADDFLAGS=` | For appending flags to both compiler and linker | | `CXX=` | Manualy set which compiler to use | @@ -851,6 +856,7 @@ Also needs a UTF8 locale and a font that covers: | `-DBTOP_USE_MOLD=` | Use mold to link btop (OFF by default) | | `-DBTOP_PEDANTIC=` | Compile with additional warnings (OFF by default) | | `-DBTOP_WERROR=` | Compile with warnings as errors (OFF by default) | + | `-DBTOP_FORTIFY=` | Detect buffer overflows with `_FORTIFY_SOURCE=3` (ON by default) | | `-DCMAKE_INSTALL_PREFIX=` | The installation prefix ('/usr/local' by default) | _**Note:** Static linking does not work with GCC._ @@ -921,6 +927,7 @@ Also needs a UTF8 locale and a font that covers: | `STRIP=true` | To force stripping of debug symbols (adds `-s` linker flag) | | `DEBUG=true` | Sets OPTFLAGS to `-O0 -g` and enables more verbose debug logging | | `ARCH=` | To manually set the target architecture | + | `FORTIFY_SOURCE=false` | Disable fortification with `_FORTIFY_SOURCE=3` | | `ADDFLAGS=` | For appending flags to both compiler and linker | | `CXX=` | Manualy set which compiler to use |