GCC 8 code generation

Michael Stahl mst at libreoffice.org
Fri May 4 08:46:20 UTC 2018

it looks like GCC 8 has sprouted some new security mitigation features:


* The new option -fstack-clash-protection causes the compiler to insert 
probes whenever stack space is allocated statically or dynamically to 
reliably detect stack overflows and thus mitigate the attack vector that 
relies on jumping over a stack guard page as provided by the operating 

* A new option -fcf-protection=[full|branch|return|none] is introduced 
to perform code instrumentation to increase program security by checking 
that target addresses of control-flow transfer instructions (such as 
indirect function call, function return, indirect jump) are valid. 
Currently the instrumentation is supported on x86 GNU/Linux targets 
only. See the user guide for further information about the option syntax 
and section "New Targets and Target Specific Improvements" for 
IA-32/x86-64 for more details.

the latter looks similar to MSVC's /guard:cf, which we don't use yet, 
and might potentially run into issues with the C++/UNO bridge's dynamic 
code generation.


but i'm hoping the stack-clash-protection could be enabled without issues.

More information about the LibreOffice mailing list