From 5e1b371b24ca2d33fa696ff11af45bbf609b163b Mon Sep 17 00:00:00 2001
From: wenshelx <wenshengx.wang@intel.com>
Date: Mon, 12 Feb 2018 13:15:06 +0800
Subject: [PATCH] security: fortify source and format string check

"-O2 -D_FORTIFY_SOURCE=2":
GCC C-Compiler can analyze the source code to be compiled and detect
certain insecure sections, that might create a security problem. The
compiler will replace the insecure function calls with special hardened
code that will perform extra runtime checks while the process is
executed.
"-Wformat -Wformat-security":
It warns about calls to "printf" and "scanf" functions where the format
string is not a string literal and there are no format arguments, as in
"printf (foo);". This may be a security hole if the format string came
from untrusted input and contains %n.

Tracked-On: 224003
Signed-off-by: wenshelx <wenshengx.wang@intel.com>
---
 Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Makefile b/Makefile
index f0d511748..c35b705b9 100644
--- a/Makefile
+++ b/Makefile
@@ -28,6 +28,8 @@ CFLAGS += -fshort-wchar -ffreestanding
 CFLAGS += -m64
 CFLAGS += -mno-red-zone
 CFLAGS += -static -nostdinc -nostdlib -fno-common
+CFLAGS += -O2 -D_FORTIFY_SOURCE=2
+CFLAGS += -Wformat -Wformat-security
 
 ifdef STACK_PROTECTOR
 ifeq (true, $(shell [ $(GCC_MAJOR) -gt 4 ] && echo true))