On Mon, Sep 03, 2012 at 06:40:08PM -0400, Greg Troxel wrote: > > Ian Goldberg <i...@cypherpunks.ca> writes: > > > OK, then I guess the thing to do is just to turn off hardening for that > > build environment? [I believe the hardening is only actually enabled > > when -O2 is on, regardless of whether the compiler options are specified > > or not, so turning it to -O1 or -O0 will also turn off hardening, so you > > may as well just turn off the hardening and leave it at -O2.] > > I was going to leave on SSP and use -O1, but if SSP really needs -O2, I > might as well use -O2 and no SSP.
That's my understanding. > I plan to just do that for all of > pkgsrc to start; it doesn't seem that harmful (or -O1 didn't). > > There's still a tiny chance there's something sick going on where the > code is buggy and with SSP things can be proved to always overwrite so > it just returns, and thus the compiler is right. But I'll give that > only 2 in 10^4, esp. since I'd expect an abort if SSP triggers. If that were the case, I'd expect later versions of gcc to behave the same way, though? Well, I guess not necessarily. But if gcc 4.1.3 is _correctly_ optimizing away a good chunk of the whole function, then something is wrong in the common case, and valgrind would have reported it, I'd think? - Ian _______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
