RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds - was : RE: gcc FORTIFY_SOURCE application security flags
Baesken, Matthias
matthias.baesken at sap.com
Tue May 14 13:51:01 UTC 2019
Thanks !
May I have a second review ?
Btw I added a comment to
https://bugs.openjdk.java.net/browse/JDK-8130017
describing a bit the "current situation" (minimum gcc 4.8 + "-U_FORTIFY_SOURCE" for lower level OPT-flags (< -O1) ) .
Best regards, Matthias
>
> Looks good, thanks!
>
> /Erik
>
> On 2019-05-14 03:16, Baesken, Matthias wrote:
> > Hi Erik, here is the updated webrev :
> >
> > http://cr.openjdk.java.net/~mbaesken/webrevs/8130017.2/
> >
> >
> > Best regards, Matthias
> >
> >
> >> -----Original Message-----
> >> From: Erik Joelsson <erik.joelsson at oracle.com>
> >> Sent: Freitag, 10. Mai 2019 16:29
> >> To: Baesken, Matthias <matthias.baesken at sap.com>; David Holmes
> >> <david.holmes at oracle.com>; 'build-dev at openjdk.java.net' <build-
> >> dev at openjdk.java.net>
> >> Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds -
> >> was : RE: gcc FORTIFY_SOURCE application security flags
> >>
> >> Hello Matthias,
> >>
> >> I think just -U_FORTIFY_SOURCE should be enough to unset it, no need to
> >> also set it to 0. Also, I think it would be good to use an extra set of
> >> variables to avoid repeating the flag, like this:
> >>
> >> ENABLE_FORTIFY_CFLAGS="-D_FORTIFY_SOURCE=2"
> >> DISABLE_FORTIFY_CFLAGS="-U_FORTIFY_SOURCE"
> >> C_O_FLAG_HIGHEST_JVM="${C_O_FLAG_HIGHEST_JVM}
> >> ${ENABLE_FORTIFY_CFLAGS}"
> >> ...
> >>
More information about the build-dev
mailing list