From: Simon Ruderich <simon@ruderich.org>
Date: Sun, 27 May 2012 20:53:59 +0000 (+0200)
Subject: Detect overwrite of -D_FORTIFY_SOURCE=2 with -U_FORTIFY_SOURCE.
X-Git-Tag: 0.03~1
X-Git-Url: https://ruderich.org/simon/gitweb/?p=blhc%2Fblhc.git;a=commitdiff_plain;h=d8241af33b38ea15eee60caebba0f931c80061be;hp=3e7cbdd4d5a13ed64e957f1c89f106113a8f6a2c

Detect overwrite of -D_FORTIFY_SOURCE=2 with -U_FORTIFY_SOURCE.
---

diff --git a/bin/blhc b/bin/blhc
index 51fc4e1..666a151 100755
--- a/bin/blhc
+++ b/bin/blhc
@@ -176,6 +176,7 @@ my @def_cppflags_fortify = (
 );
 my @def_cppflags_fortify_bad = (
     # These flags may overwrite -D_FORTIFY_SOURCE=2.
+    '-U_FORTIFY_SOURCE',
     '-D_FORTIFY_SOURCE=0',
     '-D_FORTIFY_SOURCE=1',
 );
diff --git a/t/logs/bad-cppflags b/t/logs/bad-cppflags
index 098cb96..2ea808a 100644
--- a/t/logs/bad-cppflags
+++ b/t/logs/bad-cppflags
@@ -15,3 +15,7 @@ gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wfor
 gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
 gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
 gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
+
+gcc -U_FORTIFY_SOURCE   -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-g.c
+gcc -U_FORTIFY_SOURCE   -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c
+gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c
diff --git a/t/tests.t b/t/tests.t
index 3bbd629..7b88c91 100644
--- a/t/tests.t
+++ b/t/tests.t
@@ -517,6 +517,9 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-p
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c
 CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE   -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-g.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE   -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c
+CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c
 ';
 
 is_blhc 'bad-cppflags', '--ignore-flag -D_FORTIFY_SOURCE=2', 0,