From d8241af33b38ea15eee60caebba0f931c80061be Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 27 May 2012 22:53:59 +0200 Subject: [PATCH] Detect overwrite of -D_FORTIFY_SOURCE=2 with -U_FORTIFY_SOURCE. --- bin/blhc | 1 + t/logs/bad-cppflags | 4 ++++ t/tests.t | 3 +++ 3 files changed, 8 insertions(+) diff --git a/bin/blhc b/bin/blhc index 51fc4e1..666a151 100755 --- a/bin/blhc +++ b/bin/blhc @@ -176,6 +176,7 @@ my @def_cppflags_fortify = ( ); my @def_cppflags_fortify_bad = ( # These flags may overwrite -D_FORTIFY_SOURCE=2. + '-U_FORTIFY_SOURCE', '-D_FORTIFY_SOURCE=0', '-D_FORTIFY_SOURCE=1', ); diff --git a/t/logs/bad-cppflags b/t/logs/bad-cppflags index 098cb96..2ea808a 100644 --- a/t/logs/bad-cppflags +++ b/t/logs/bad-cppflags @@ -15,3 +15,7 @@ gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wfor gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c + +gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-g.c +gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c +gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c diff --git a/t/tests.t b/t/tests.t index 3bbd629..7b88c91 100644 --- a/t/tests.t +++ b/t/tests.t @@ -517,6 +517,9 @@ CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-p CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=0 -c test-d.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=0 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-e.c CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=1 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-f.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -c test-g.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -U_FORTIFY_SOURCE -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -c test-h.c +CPPFLAGS missing (-D_FORTIFY_SOURCE=2): gcc -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -U_FORTIFY_SOURCE -c test-i.c '; is_blhc 'bad-cppflags', '--ignore-flag -D_FORTIFY_SOURCE=2', 0, -- 2.43.2