Re: [FFmpeg-devel] [PATCH] configure: Fix debugging on mingw-w64 with gdb
I think the logic is correct but I won't be able to test it with the changes until tomorrow. I wanted to get the patch on the ML as soon as possible since debugging is currently broken. As I mentioned in the original patch thread I'll see about taking another stab at binutils to see if this can't get fixed upstream. In the mean time keeping the reloc hack enabled for release builds seems reasonable. Sorry for the delay in addressing this. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] configure: Fix debugging on mingw-w64 with gdb
The relocation hack broke debugging on mingw-w64 when using gdb. This makes the reloc hack dependent on --disable-debug so it's still enabled for release builds. This is simply an immediate fix for the issue of broken debugging, we should probably still look at the possibility of reverting it outright if it proves to be more trouble than it's worth. For now keeping it enabled for release builds is a reasonable trade off. Signed-off-by: Alex Smith <ther...@warpsharp.info> --- configure | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure b/configure index e550547..e8c4a7b 100755 --- a/configure +++ b/configure @@ -4634,9 +4634,9 @@ case $target_os in # however ld then forgets what the entry point should be (oops) so we # have to manually (re)set it. if enabled x86_32; then -add_ldexeflags -Wl,--pic-executable,-e,_mainCRTStartup +disabled debug && add_ldexeflags -Wl,--pic-executable,-e,_mainCRTStartup elif enabled x86_64; then -add_ldexeflags -Wl,--pic-executable,-e,mainCRTStartup +disabled debug && add_ldexeflags -Wl,--pic-executable,-e,mainCRTStartup check_ldflags -Wl,--high-entropy-va # binutils 2.25 # Set image base >4GB for extra entropy with HEASLR add_ldexeflags -Wl,--image-base,0x14000 -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] configure: Force mingw's ld to keep the reloc section
On Sun, Mar 20, 2016 at 6:29 AM, Christophe Gisquet < christophe.gisq...@gmail.com> wrote: > > > I understand the sentiment, and there's probably little lost in > keeping it, but... is it not a hack? ie: > - When do you notice the added security is no longer there/it breaks > in even worse ways? > - Who is and would be available and able to prevent it from breaking? > Because it already has, and almost nobody dealt with it. > > The original author already did well in reporting the issue to > binutils, so I'm certainly not complaining about his efforts. > > -- > Christophe > ___ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > Sorry didn't see this until now. I think that making it dependent on enable/disable-debug is reasonable for an immediate fix. I'll see about taking another stab at binutils and seeing if this can't get fixed upstream. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 2/3 v2] configure: Support for HEASLR on mingw targets
From: Alex Smith <alex.sm...@warpsharp.info> The appropriate flag for HEASLR (--high-entropy-va) was added in binutils 2.25. Also set the image base >4GB so higher entropy gets applied to image base randomization when used with HEASLR (8 -> 17 bits of randomization). Windows does this for compatibility because of "latent pointer truncation issues". Signed-off-by: Alex Smith <alex.sm...@warpsharp.info> --- configure | 4 1 file changed, 4 insertions(+) diff --git a/configure b/configure index f6bc622..0a4b4ed 100755 --- a/configure +++ b/configure @@ -4401,6 +4401,10 @@ case $target_os in add_ldexeflags -Wl,--pic-executable,-e,_mainCRTStartup elif enabled x86_64; then add_ldexeflags -Wl,--pic-executable,-e,mainCRTStartup +check_ldflags -Wl,--high-entropy-va # binutils 2.25 +# Set image base >4GB for extra entropy with HEASLR +add_ldexeflags -Wl,--image-base,0x14000 +append SHFLAGS -Wl,--image-base,0x18000 fi ;; win32|win64) -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] configure: Combine dynamicbase and nxcompat checks
They were added to binutils in the same version so it's safe to combine. Signed-off-by: Alex Smith <ther...@warpsharp.info> --- configure | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/configure b/configure index 3339126..b572d59 100755 --- a/configure +++ b/configure @@ -4367,8 +4367,6 @@ case $target_os in LIBTARGET=arm-wince fi enabled shared && ! enabled small && check_cmd $windres --version && enable gnu_windres -check_ldflags -Wl,--nxcompat -check_ldflags -Wl,--dynamicbase enabled x86_32 && check_ldflags -Wl,--large-address-aware shlibdir_default="$bindir_default" SLIBPREF="" @@ -4392,6 +4390,7 @@ case $target_os in objformat="win32" ranlib=: enable dos_paths +check_ldflags -Wl,--nxcompat,--dynamicbase # Lets work around some stupidity in binutils. # ld will strip relocations from executables even though we need them # for dynamicbase (ASLR). Using -pie does retain the reloc section -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] configure: Force mingw's ld to keep the reloc section
On Tue, Sep 22, 2015 at 7:43 PM, Michael Niedermayerwrote: > > > this is ugly, but ASLR is important thus applied > i did not apply the nxcompat dynamicbase merge as its unrelated > > Thanks > > PS: if this breaks some version of mingw then this should be reverted > > [...] > > The only thing I'm not sure of is extremely old mingw versions that no one should be using anymore. If it does break that I should be able to provide a fix for that if that's the case. Would you accept a separate patch for the dynamicbase/nxcompat merge, they were added in the same binutils version so it's safe to do so. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 2/3] configure: Support for HEASLR on mingw targets
From: Alex Smith <alex.sm...@warpsharp.info> The appropriate flag for HEASLR (--high-entropy-va) is scheduled for inclusion in the next version of binutils (2.25), doesn't hurt to include it a little early. Also set the image base >4GB so higher entropy gets applied to image base randomization when used with HEASLR (8 -> 17 bits of randomization). Windows does this for compatibility because of "latent pointer truncation issues". Signed-off-by: Alex Smith <alex.sm...@warpsharp.info> --- configure | 4 1 file changed, 4 insertions(+) diff --git a/configure b/configure index d6ab35a..0c60c03 100755 --- a/configure +++ b/configure @@ -4400,6 +4400,10 @@ case $target_os in add_ldexeflags -Wl,--pic-executable,-e,_mainCRTStartup elif enabled x86_64; then add_ldexeflags -Wl,--pic-executable,-e,mainCRTStartup +check_ldflags -Wl,--high-entropy-va # binutils 2.25 +# Set image base >4GB for extra entropy with HEASLR +add_ldexeflags -Wl,--image-base,0x14000 +append SHFLAGS -Wl,--image-base,0x18000 fi ;; win32|win64) -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 3/3] configure: Disable automatic image base calculation
From: Alex Smith <alex.sm...@warpsharp.info> There's no reason for it. ASLR will rebase it regardless so "preventing collisions" isn't really relevant. This also brings it in line with what a msvc produced dll will have (an image base of 0x1000). Signed-off-by: Alex Smith <alex.sm...@warpsharp.info> --- configure | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure b/configure index 0c60c03..a540ae7 100755 --- a/configure +++ b/configure @@ -4386,7 +4386,7 @@ case $target_os in SLIB_INSTALL_LINKS= SLIB_INSTALL_EXTRA_SHLIB='$(SLIBNAME:$(SLIBSUF)=.lib)' SLIB_INSTALL_EXTRA_LIB='lib$(SLIBNAME:$(SLIBSUF)=.dll.a) $(SLIBNAME_WITH_MAJOR:$(SLIBSUF)=.def)' -SHFLAGS='-shared -Wl,--output-def,$$(@:$(SLIBSUF)=.orig.def) -Wl,--out-implib,$(SUBDIR)lib$(SLIBNAME:$(SLIBSUF)=.dll.a) -Wl,--enable-runtime-pseudo-reloc -Wl,--enable-auto-image-base' +SHFLAGS='-shared -Wl,--output-def,$$(@:$(SLIBSUF)=.orig.def) -Wl,--out-implib,$(SUBDIR)lib$(SLIBNAME:$(SLIBSUF)=.dll.a) -Wl,--enable-runtime-pseudo-reloc -Wl,--disable-auto-image-base' objformat="win32" ranlib=: enable dos_paths -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH 1/3] configure: Force mingw's ld to keep the reloc section
From: Alex Smith <alex.sm...@warpsharp.info> Binutils will always strip the relocation information from executable files even if it needs it (dynamicbase/ASLR). We can work around this by using the pic-executable flag combined with setting the correct entry point since apparently ld forgets what that should be. This problem affects both 32 and 64-bit mingw-w64. We can combine the nxcompat/dynamicbase check because they were added to binutils at the same time. Signed-off-by: Alex Smith <alex.sm...@warpsharp.info> Conflicts: configure --- configure | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/configure b/configure index d2a25bb..d6ab35a 100755 --- a/configure +++ b/configure @@ -4367,8 +4367,6 @@ case $target_os in LIBTARGET=arm-wince fi enabled shared && ! enabled small && check_cmd $windres --version && enable gnu_windres -check_ldflags -Wl,--nxcompat -check_ldflags -Wl,--dynamicbase enabled x86_32 && check_ldflags -Wl,--large-address-aware shlibdir_default="$bindir_default" SLIBPREF="" @@ -4392,6 +4390,17 @@ case $target_os in objformat="win32" ranlib=: enable dos_paths +check_ldflags -Wl,--nxcompat,--dynamicbase +# Lets work around some stupidity in binutils. +# ld will strip relocations from executables even though we need them +# for dynamicbase (ASLR). Using -pie does retain the reloc section +# however ld then forgets what the entry point should be (oops) so we +# have to manually (re)set it. +if enabled x86_32; then +add_ldexeflags -Wl,--pic-executable,-e,_mainCRTStartup +elif enabled x86_64; then +add_ldexeflags -Wl,--pic-executable,-e,mainCRTStartup +fi ;; win32|win64) disable symver -- 1.9.5.msysgit.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel