GCC 8 code generation
Michael Stahl
mst at libreoffice.org
Fri May 4 08:46:20 UTC 2018
it looks like GCC 8 has sprouted some new security mitigation features:
https://gcc.gnu.org/gcc-8/changes.html
-fstack-clash-protection:
* The new option -fstack-clash-protection causes the compiler to insert
probes whenever stack space is allocated statically or dynamically to
reliably detect stack overflows and thus mitigate the attack vector that
relies on jumping over a stack guard page as provided by the operating
system.
-fcf-protection:
* A new option -fcf-protection=[full|branch|return|none] is introduced
to perform code instrumentation to increase program security by checking
that target addresses of control-flow transfer instructions (such as
indirect function call, function return, indirect jump) are valid.
Currently the instrumentation is supported on x86 GNU/Linux targets
only. See the user guide for further information about the option syntax
and section "New Targets and Target Specific Improvements" for
IA-32/x86-64 for more details.
the latter looks similar to MSVC's /guard:cf, which we don't use yet,
and might potentially run into issues with the C++/UNO bridge's dynamic
code generation.
https://docs.microsoft.com/en-us/cpp/build/reference/guard-enable-control-flow-guard
but i'm hoping the stack-clash-protection could be enabled without issues.
More information about the LibreOffice
mailing list