configure: Use -fstack-protector-strong when available

Testing whether the compiler supports it is a bit tricky. The obvious AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong]) doesn't suffice, since some ports of the GNU toolchain reportedly pass this test, then fail to link. That's because the compiler accepts the flag, duly emits references to helper code in libc, but libc doesn't provide, and linking fails. Instead, use AX_APPEND_LINK_FLAGS with an input source that makes the compiler emit the extra stack checking code. This requires the latest version from the autoconf-archive, so update m4/ax* to commit e3d948b. Also update m4/my_append_compile_flags.m4 to keep it in sync with upstream's ax_append_compile_flags.m4. Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
2015-11-22 10:38:24 +01:00 · 2015-11-22 10:38:24 +01:00 · 9645caf6ff
commit 9645caf6ff
parent 41263cf8c9
5 changed files with 162 additions and 4 deletions
--- a/configure.ac
+++ b/configure.ac
@ -140,6 +140,23 @@ MY_APPEND_COMPILE_FLAGS([dnl
 -fno-strict-aliasing dnl
 -fno-strict-overflow])

+# Emit extra code to check for buffer overflows
+# Could fall back to -fstack-protector when -fstack-protector-strong
+# isnt't supported, for users of older compilers.  Doesn't seem worth
+# the trouble, though.
+# Some ports of the GNU toolchain reportedly support it in the
+# compiler, but not libc.  Use a test program that makes the compiler
+# emit the extra stack checking code, and test it compiles and links.
+AX_APPEND_LINK_FLAGS([-fstack-protector-strong], [], [],
+    [AC_LANG_SOURCE([[
+int
+main(int argc, char *argv[])
+{
+    char arr[64], *dst = arr, *src = argv[0];
+    while ((*dst++ = *src++)) ;
+}
+    ]])])
+

 ### Checks for library functions