diff options
author | Elliott Hughes <enh@google.com> | 2015-12-14 11:17:08 -0800 |
---|---|---|
committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2017-03-14 21:18:27 +0100 |
commit | 69d66bebec37d31ee15b484f120b39b20437a6c8 (patch) | |
tree | 65e89690993ea4ff19f18ea62cc9e8147b8ea75d /tools/buildinfo.sh | |
parent | 3461bf40ef9d397d997771c1a160cac05235e3d8 (diff) | |
download | build-69d66bebec37d31ee15b484f120b39b20437a6c8.zip build-69d66bebec37d31ee15b484f120b39b20437a6c8.tar.gz build-69d66bebec37d31ee15b484f120b39b20437a6c8.tar.bz2 |
Enable -fstack-protector-strong for arm.
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).
The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.
https://lwn.net/Articles/584225/
Change-Id: Iccc20852db8a5e4dd9792f9da6d5e325fc59b0a5
Diffstat (limited to 'tools/buildinfo.sh')
0 files changed, 0 insertions, 0 deletions