RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds - was : RE: gcc FORTIFY_SOURCE application security flags
Erik Joelsson
erik.joelsson at oracle.com
Thu May 9 14:31:05 UTC 2019
Configure will protest if GCC version is less than 4.8 (see toolchain.m4
*_MINIMUM_VERSION variables).
That said, as long as we conditionally set the FDLIBM_CFLAGS like this,
I would say we need to continue honoring the result of that check. You
could also remove the check altogether since it seems to no longer be
needed.
/Erik
On 2019-05-09 07:14, Baesken, Matthias wrote:
> Hello,
> I tried setting
>
> "-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0"
>
> And this seems indeed to work , no warning any more .
>
> Let's hope gcc does not change the command line parsing .
>
> Btw. is there a gcc version that a) still compiles jdk/jdk and b) would show the issue ?
>
> (with our internally used gcc's we are always > 4.6 in jdk/jdk )
>
> Best regards, Matthias
>
>
>> -----Original Message-----
>> From: Erik Joelsson <erik.joelsson at oracle.com>
>> Sent: Donnerstag, 9. Mai 2019 15:18
>> To: Baesken, Matthias <matthias.baesken at sap.com>; David Holmes
>> <david.holmes at oracle.com>; 'build-dev at openjdk.java.net' <build-
>> dev at openjdk.java.net>
>> Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds -
>> was : RE: gcc FORTIFY_SOURCE application security flags
>>
>> Hello,
>>
>> I just tried this and you are correct. However, it does seem to work if
>> you instead use -U_FORTIFY_SOURCE.
>>
>> /Erik
>>
>> On 2019-05-09 05:36, Baesken, Matthias wrote:
>>> Hi Erik, while setting -O<x> and -O<y> (with x != y ) in one gcc/g++
>> command line call works ,
>>> setting together -D_FORTIFY_SOURCE=2 and -D_FORTIFY_SOURCE=0
>> in one command line call generates a warning , so I think we cannot do that .
>>>
>>> Best regards, Matthias
>>>
More information about the build-dev
mailing list