github/acrn-hypervisor
1
0
Fork 0
mirror of https://github.com/projectacrn/acrn-hypervisor.git synced 2025-05-31 03:15:42 +00:00
Code Issues Projects Releases Wiki Activity

security: fortify source and format string check

Browse Source 
"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.

Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
This commit is contained in:
wenshelx 2018-02-12 13:15:06 +08:00 committed by Anthony Xu
parent 7ace7f2558
commit 5e1b371b24
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -28,6 +28,8 @@ CFLAGS += -fshort-wchar -ffreestanding
CFLAGS += -m64
CFLAGS += -mno-red-zone
CFLAGS += -static -nostdinc -nostdlib -fno-common
CFLAGS += -O2 -D_FORTIFY_SOURCE=2
CFLAGS += -Wformat -Wformat-security
ifdef STACK_PROTECTOR
ifeq (true, $(shell [ $(GCC_MAJOR) -gt 4 ] && echo true))