RE: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds - was : RE: gcc FORTIFY_SOURCE application security flags

Tue, 14 May 2019 03:18:14 -0700 

Hi Erik, here is the updated webrev :

http://cr.openjdk.java.net/~mbaesken/webrevs/8130017.2/


Best regards, Matthias


> -----Original Message-----
> From: Erik Joelsson <erik.joels...@oracle.com>
> Sent: Freitag, 10. Mai 2019 16:29
> To: Baesken, Matthias <matthias.baes...@sap.com>; David Holmes
> <david.hol...@oracle.com>; 'build-dev@openjdk.java.net' <build-
> d...@openjdk.java.net>
> Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug builds -
> was : RE: gcc FORTIFY_SOURCE application security flags
> 
> Hello Matthias,
> 
> I think just -U_FORTIFY_SOURCE should be enough to unset it, no need to
> also set it to 0. Also, I think it would be good to use an extra set of
> variables to avoid repeating the flag, like this:
> 
> ENABLE_FORTIFY_CFLAGS="-D_FORTIFY_SOURCE=2"
> DISABLE_FORTIFY_CFLAGS="-U_FORTIFY_SOURCE"
> C_O_FLAG_HIGHEST_JVM="${C_O_FLAG_HIGHEST_JVM}
> ${ENABLE_FORTIFY_CFLAGS}"
> ...
> 
> /Erik
> 
> On 2019-05-09 22:46, Baesken, Matthias wrote:
> > Hello, here  is  the  new webrev  with the
> >
> > "-U_FORTIFY_SOURCE  -D_FORTIFY_SOURCE=0"
> >
> > Set for the lower level optimization flags :
> >
> > http://cr.openjdk.java.net/~mbaesken/webrevs/8130017.1/
> >
> >
> > I would suggest to leave the pre-gcc4.8 cleanup to a separate change.
> >
> > Best regards, Matthias
> >
> >
> >
> >> Configure will protest if GCC version is less than 4.8 (see toolchain.m4
> >> *_MINIMUM_VERSION variables).
> >>
> >> That said, as long as we conditionally set the FDLIBM_CFLAGS like this,
> >> I would say we need to continue honoring the result of that check. You
> >> could also remove the check altogether since it seems to no longer be
> >> needed.
> >>
> >> /Erik
> >>
> >> On 2019-05-09 07:14, Baesken, Matthias wrote:
> >>> Hello,
> >>> I tried  setting
> >>>
> >>> "-U_FORTIFY_SOURCE  -D_FORTIFY_SOURCE=0"
> >>>
> >>> And this seems indeed to work , no warning any more .
> >>>
> >>> Let's hope gcc does not change  the command line parsing .
> >>>
> >>> Btw.  is there a gcc version  that   a) still compiles jdk/jdk    and  b) 
> >>>   would
> >> show the issue  ?
> >>> (with our internally used gcc's we are always > 4.6   in jdk/jdk )
> >>>
> >>> Best regards, Matthias
> >>>
> >>>
> >>>> -----Original Message-----
> >>>> From: Erik Joelsson <erik.joels...@oracle.com>
> >>>> Sent: Donnerstag, 9. Mai 2019 15:18
> >>>> To: Baesken, Matthias <matthias.baes...@sap.com>; David Holmes
> >>>> <david.hol...@oracle.com>; 'build-dev@openjdk.java.net' <build-
> >>>> d...@openjdk.java.net>
> >>>> Subject: Re: RFR: 8130017: use _FORTIFY_SOURCE in gcc fastdebug
> builds -
> >>>> was : RE: gcc FORTIFY_SOURCE application security flags
> >>>>
> >>>> Hello,
> >>>>
> >>>> I just tried this and you are correct. However, it does seem to work if
> >>>> you instead use -U_FORTIFY_SOURCE.
> >>>>
> >>>> /Erik
> >>>>
> >>>> On 2019-05-09 05:36, Baesken, Matthias wrote:
> >>>>> Hi Erik, while  setting -O<x>  and -O<y>  (with x != y )   in one 
> >>>>> gcc/g++
> >>>> command line call  works ,
> >>>>>      setting  together  -D_FORTIFY_SOURCE=2  and   -
> >> D_FORTIFY_SOURCE=0
> >>>> in one command line call  generates a warning , so I think we cannot do
> >> that .
> >>>>> Best regards, Matthias
> >>>>>

Reply via email to