[vlc-devel] [PATCH] Configure: enable the stack-clashing protection
Rémi Denis-Courmont
remi at remlab.net
Tue May 19 16:58:34 CEST 2020
On Tuesday 19 May 2020, 15.35.12 EEST, Jean-Baptiste Kempf wrote:
> This is a bit different than the stack-smashing protection and
> should be available since gcc 8
> ---
> configure.ac | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/configure.ac b/configure.ac
> index aa140c941d4..e747adbf4f0 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -1237,6 +1237,8 @@ AS_IF([test "${enable_ssp}" != "no" -a
> "${enable_optimizations}" != "no"], [ VLC_SAVE_FLAGS
> AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong])
> AX_APPEND_COMPILE_FLAGS([-fstack-protector-strong], [CXXFLAGS])
> + AX_APPEND_COMPILE_FLAGS([-fstack-clash-protection])
> + AX_APPEND_COMPILE_FLAGS([-fstack-clash-protection], [CXXFLAGS])
> dnl Win32 requires linking to ssp for stack-protection
> AS_IF([test "${SYS}" = "mingw32"], [
> LDFLAGS="${LDFLAGS} -lssp"
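Review bot: the two added AX_APPEND_COMPILE_FLAGS([-fstack-clash-protection]) lines sit inside the existing AS_IF on enable_ssp and enable_optimizations, so stack-clash protection can only be switched on or off together with -fstack-protector-strong, even though the commit message describes it as a different mechanism. Consider giving it its own configure option and its own AS_IF block, so a builder can drop one without losing the other. The commit message's "should be available since gcc 8" would also read better as a note that AX_APPEND_COMPILE_FLAGS only appends flags the compiler accepts, and it should say whether the flag was tried on the mingw32 target handled just below.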
This has overhead and the benefits for VLC are far from obvious.
Known cases of *literal* stack overflow (as opposed to stack-based buffer
overflow) in VLC are the user shooting themselves for instance with insanely
deep config chains, not vulnerabilities.
IMO, this should not be forced.
--
Реми Дёни-Курмон
http://www.remlab.net/