Skip to content

Commit 1c18c0d

Browse files
vszakatsvszakats
committed
_build.sh: enable more gcc and llvm/clang OpenSSF-recommended options [ci skip]
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
1 parent 78a1b89 commit 1c18c0d

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

_build.sh

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -937,6 +937,28 @@ build_single_target() {
937937
_CFLAGS_GLOBAL+=' -fstack-protector-all'
938938
_CXXFLAGS_GLOBAL+=' -fstack-protector-all'
939939

940+
_CFLAGS_GLOBAL+=' -fno-delete-null-pointer-checks'
941+
_CXXFLAGS_GLOBAL+=' -fno-delete-null-pointer-checks'
942+
if [ "${_CC}" = 'llvm' ]; then
943+
_CFLAGS_GLOBAL+=' -ftrivial-auto-var-init=zero'
944+
_CXXFLAGS_GLOBAL+=' -ftrivial-auto-var-init=zero'
945+
if [ "${_CCVER}" -ge '18' ]; then
946+
_CFLAGS_GLOBAL+=' -fno-strict-aliasing'
947+
_CXXFLAGS_GLOBAL+=' -fno-strict-aliasing'
948+
fi
949+
elif [ "${_CC}" = 'gcc' ]; then
950+
_CFLAGS_GLOBAL+=' -fno-strict-aliasing -fno-strict-overflow'
951+
_CXXFLAGS_GLOBAL+=' -fno-strict-aliasing -fno-strict-overflow'
952+
if [ "${_CCVER}" -ge '12' ]; then
953+
_CFLAGS_GLOBAL+=' -ftrivial-auto-var-init=zero'
954+
_CXXFLAGS_GLOBAL+=' -ftrivial-auto-var-init=zero'
955+
fi
956+
if [ "${_CCVER}" -ge '15' ]; then
957+
_CFLAGS_GLOBAL+=' -fzero-init-padding-bits=all'
958+
_CXXFLAGS_GLOBAL+=' -fzero-init-padding-bits=all'
959+
fi
960+
fi
961+
940962
if false && [ "${_CC}" = 'gcc' ] && [ "${_CCVER}" -ge '14' ]; then
941963
# https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#index-fhardened
942964
_CFLAGS_GLOBAL+=' -fhardened'

0 commit comments

Comments
 (0)