Hi Magnus, This seems reasonable. The proof of course is in the testing.
Thanks, David On 5/02/2016 8:48 PM, Magnus Ihse Bursie wrote:
A previous fix to check if -fstack-protector is accepted by gcc failed, since when testing the option, gcc emitted a warning and not an error. The one thing I'm thinking here about is if the ssp-buffer-size option should be more tightly coupled with the -fstack-protector flag. It does not harm to have it without the -f flag, but it seems a bit funny. Opinions? I also noted that this flag is added to CFLAGS_DEBUG_OPTIONS. This means that it only gets activated if we generate debug symbols. For Oracle builds we always do so it doesn't really matter, but I'd say that it's technically incorrect. I'd rather not fix that now, though, but save it for the upcoming and long overdue cleanup of flags handling. Bug: https://bugs.openjdk.java.net/browse/JDK-8129395 Patch inline: diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 --- a/common/autoconf/flags.m4 +++ b/common/autoconf/flags.m4 @@ -1,5 +1,5 @@ # -# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it @@ -426,7 +426,7 @@ # Add runtime stack smashing and undefined behavior checks. # Not all versions of gcc support -fstack-protector STACK_PROTECTOR_CFLAG="-fstack-protector-all" - FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT: [$STACK_PROTECTOR_CFLAG], IF_FALSE: [STACK_PROTECTOR_CFLAG=""]) + FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT: [$STACK_PROTECTOR_CFLAG -Werror], IF_FALSE: [STACK_PROTECTOR_CFLAG=""]) CFLAGS_DEBUG_OPTIONS="$STACK_PROTECTOR_CFLAG --param ssp-buffer-size=1" CXXFLAGS_DEBUG_OPTIONS="$STACK_PROTECTOR_CFLAG --param ssp-buffer-size=1" /Magnus
