authorNotTsunami <4589807+NotTsunami@users.noreply.github.com>2019-11-19 16:28:22 -0500
committerErik de Castro Lopo <erikd@mega-nerd.com>2019-11-20 17:12:03 +1100
commitf706f2832270a0b7851cdffe62ad37acda9423fe (patch)
treec4214257c603d365e6b50014a7f54e6d61006732
parent1640e10e435906e7300a422c7b4c71a4094fff38 (diff)
downloadflac-f706f2832270a0b7851cdffe62ad37acda9423fe.tar.gz
cmake/configure.ac: Enable -fstack-protector-strong by default
This commit contains the following changes: - Drops -fstack-protector in favor of -fstack-protector-strong. Consequently, the ssp-buffer-size parameter has been removed as -fstack-protector-strong ignores array size. - Add new global opt-out for stack smash protection. This is enabled by default for both autotools and CMake builds. Users can opt out of stack smash protection by passing -DWITH_STACK_PROTECTOR=OFF to CMake or --disable-stack-smash-protection when running ./configure. - Renames HAVE_SSP_FLAG to HAVE_STACK_PROTECTOR_FLAG in CMakeLists.txt to be more readable.
-rw-r--r--CMakeLists.txt17
-rw-r--r--configure.ac7
-rw-r--r--m4/stack_protect.m46
3 files changed, 19 insertions, 11 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9c9e9556..ad0a665a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,6 +15,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
option(BUILD_CXXLIBS "Build libFLAC++" ON)
option(BUILD_EXAMPLES "Build and install examples" ON)
option(BUILD_DOCS "Build and install doxygen documents" ON)
+option(WITH_STACK_PROTECTOR "Enable GNU GCC stack smash protection" ON)
option(WITH_OGG "ogg support (default: test for libogg)" ON)
if(WITH_OGG)
@@ -24,8 +25,6 @@ endif()
if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wstrict-prototypes -Wmissing-prototypes -Waggregate-return -Wcast-align -Wnested-externs -Wshadow -Wundef -Wmissing-declarations -Winline")
set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -O3 -funroll-loops")
-
- option(ENABLE_SSP "Enable GNU GCC stack smash protection" OFF)
endif()
if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Wcast-align -Wshadow -Wwrite-strings -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wsign-promo -Wundef")
@@ -62,10 +61,15 @@ test_big_endian(CPU_IS_BIG_ENDIAN)
check_c_compiler_flag(-Werror HAVE_WERROR_FLAG)
check_c_compiler_flag(-Wdeclaration-after-statement HAVE_DECL_AFTER_STMT_FLAG)
-check_c_compiler_flag("-fstack-protector --param ssp-buffer-size=4" HAVE_SSP_FLAG)
check_c_compiler_flag(-mstackrealign HAVE_STACKREALIGN_FLAG)
check_cxx_compiler_flag(-Weffc++ HAVE_WEFFCXX_FLAG)
+if(WITH_STACK_PROTECTOR)
+ if(NOT MSVC)
+ check_c_compiler_flag("-fstack-protector-strong" HAVE_STACK_PROTECTOR_FLAG)
+ endif()
+endif()
+
if(HAVE_WERROR_FLAG)
option(ENABLE_WERROR "Enable -Werror in all Makefiles" OFF)
endif()
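Review bot: `check_c_compiler_flag("-fstack-protector-strong" HAVE_STACK_PROTECTOR_FLAG)` only establishes that the C compiler accepts the option; it does not build a program with a protected frame, which is the case m4/stack_protect.m4 in this same commit calls out ("Just checking if the compiler accepts the required CFLAGSs is not enough") and covers with AC_TRY_LINK. The guard here is `if(NOT MSVC)` while configure.ac turns the default off unless `os_is_windows` is `no`, so a non-MSVC Windows toolchain gets the flag from CMake on the strength of that weaker probe and may then fail at link time if its canary runtime lives in a separate library. I would probe with a source that has a local array and pass the option through `CMAKE_REQUIRED_FLAGS`, which to my knowledge reaches both the compile and the link step of the test build. `check_c_source_compiles` needs `include(CheckCSourceCompiles)` next to the other includes if that module is not loaded already.

```cmake
if(WITH_STACK_PROTECTOR)
  if(NOT MSVC)
    # Build and link a frame that the option actually instruments.
    set(flac_saved_required_flags "${CMAKE_REQUIRED_FLAGS}")
    set(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -fstack-protector-strong")
    check_c_source_compiles("
      int main(int argc, char **argv)
      {
        char buf[32];
        buf[0] = argv[0][0];
        buf[argc % 32] = 0;
        return buf[0];
      }"
      HAVE_STACK_PROTECTOR_FLAG)
    set(CMAKE_REQUIRED_FLAGS "${flac_saved_required_flags}")
  endif()
endif()
```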
@@ -74,12 +78,13 @@ add_compile_options(
$<$<BOOL:${MSVC}>:/wd4267>
$<$<BOOL:${MSVC}>:/wd4996>
$<$<BOOL:${ENABLE_WERROR}>:-Werror>
- $<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:-fstack-protector>
- $<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:--param>
- $<$<AND:$<BOOL:${HAVE_SSP_FLAG}>,$<BOOL:${ENABLE_SSP}>>:ssp-buffer-size=4>
$<$<AND:$<COMPILE_LANGUAGE:CXX>,$<BOOL:${HAVE_WEFFCXX_FLAG}>>:-Weffc++>
$<$<AND:$<COMPILE_LANGUAGE:C>,$<BOOL:${HAVE_DECL_AFTER_STMT_FLAG}>>:-Wdeclaration-after-statement>)
+if(HAVE_STACK_PROTECTOR_FLAG)
+ add_compile_options(-fstack-protector-strong)
+endif()
+
if(CMAKE_SYSTEM_PROCESSOR STREQUAL "i686" AND HAVE_STACKREALIGN_FLAG)
add_compile_options(-mstackrealign)
endif()
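Review bot: `if(HAVE_STACK_PROTECTOR_FLAG)` tests only the probe result, and `check_c_compiler_flag` stores that result in the CMake cache, so a build tree first configured with the default and later re-run with `-DWITH_STACK_PROTECTOR=OFF` still gets `-fstack-protector-strong`. The documented opt-out then only takes effect in a fresh build directory. Testing both conditions fixes it: `if(WITH_STACK_PROTECTOR AND HAVE_STACK_PROTECTOR_FLAG)`. Note also that `add_compile_options` applies the flag to C++ sources although only the C compiler was probed.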
diff --git a/configure.ac b/configure.ac
index 5dd4e3a9..5eb6b9af 100644
--- a/configure.ac
+++ b/configure.ac
@@ -310,8 +310,10 @@ AC_SUBST(FLAC__TEST_LEVEL)
AC_ARG_ENABLE(werror,
AC_HELP_STRING([--enable-werror], [Enable -Werror in all Makefiles]))
-AC_ARG_ENABLE(stack-smash-protection,
- AC_HELP_STRING([--enable-stack-smash-protection], [Enable GNU GCC stack smash protection]))
+AC_ARG_ENABLE([stack-smash-protection],
+ [AS_HELP_STRING([--disable-stack-smash-protection],[Disable GNU GCC stack smash protection])],,
+ [AS_IF([test "$ac_cv_c_compiler_gnu" = "yes" && test "$os_is_windows" = "no"],
+ [enable_stack_smash_protection=yes],[enable_stack_smash_protection=no])])
AC_ARG_ENABLE(64-bit-words,
AC_HELP_STRING([--enable-64-bit-words], [Set FLAC__BYTES_PER_WORD to 8 (4 is the default)]))
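Review bot: The new default is decided by `test "$ac_cv_c_compiler_gnu" = "yes" && test "$os_is_windows" = "no"`, and every way that test can fail ends in `enable_stack_smash_protection=no` without a message. Neither variable is assigned inside this hunk, so it is worth confirming that `os_is_windows` is set before this point in configure.ac; if it were still empty here, the hardening would be switched off on every platform. A `dnl` comment above the block stating that dependency, e.g. `dnl Default depends on os_is_windows and the compiler check, both of which must run earlier.`, would keep a later reordering from disabling it unnoticed.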
@@ -627,5 +629,6 @@ fi
echo " SSE optimizations : ....................... ${sse_os}"
echo " Asm optimizations : ....................... ${asm_optimisation}"
echo " Ogg/FLAC support : ........................ ${have_ogg}"
+ echo " Stack protector : ........................ ${enable_stack_smash_protection}"
echo " Fuzzing support (Clang only) : ............ ${have_oss_fuzzers}"
echo
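Review bot: The added summary line prints `${enable_stack_smash_protection}`, which is what was requested, not what the compiler probe found. SSP_FLAGS in m4/stack_protect.m4 is now `-fstack-protector-strong` with no fallback, so on a compiler that rejects it the build presumably proceeds unprotected while this line still reads `yes`; how the probe result is recorded is outside the visible hunks. Packagers tend to read this summary to confirm hardening, so it should report the outcome of XIPH_GCC_STACK_PROTECTOR / XIPH_GXX_STACK_PROTECTOR rather than the option value.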
diff --git a/m4/stack_protect.m4 b/m4/stack_protect.m4
index fc45ac2f..d39f4190 100644
--- a/m4/stack_protect.m4
+++ b/m4/stack_protect.m4
@@ -27,7 +27,7 @@ dnl LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
dnl NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-dnl Want to know of GCC stack protector works, botfor the C and for the C++
+dnl We want to know if GCC stack protector works, for the C and for the C++
dnl compiler.
dnl
dnl Just checking if the compiler accepts the required CFLAGSs is not enough
@@ -41,7 +41,7 @@ AC_DEFUN([XIPH_GCC_STACK_PROTECTOR],
[AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $CC supports stack smash protection])
xiph_stack_check_old_cflags="$CFLAGS"
- SSP_FLAGS="-fstack-protector --param ssp-buffer-size=4"
+ SSP_FLAGS="-fstack-protector-strong"
CFLAGS=$SSP_FLAGS
AC_TRY_LINK([
#include <stdio.h>
@@ -58,7 +58,7 @@ AC_DEFUN([XIPH_GXX_STACK_PROTECTOR],
[AC_LANG_PUSH([C++])
AC_MSG_CHECKING([if $CXX supports stack smash protection])
xiph_stack_check_old_cflags="$CFLAGS"
- SSP_FLAGS="-fstack-protector --param ssp-buffer-size=4"
+ SSP_FLAGS="-fstack-protector-strong"
CFLAGS=$SSP_FLAGS
AC_TRY_LINK([
#include <cstdio>
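Review bot: In XIPH_GXX_STACK_PROTECTOR the new `SSP_FLAGS` value is assigned to `CFLAGS` (`CFLAGS=$SSP_FLAGS`) right after `AC_LANG_PUSH([C++])`, but a C++ test program is built with `CXXFLAGS`, so the AC_TRY_LINK that follows probably never exercises `-fstack-protector-strong` with $CXX. These are context lines the commit does not change, and the rest of the macro lies outside the hunk, so this needs checking against the full file. If confirmed, save and set `CXXFLAGS` here instead: `xiph_stack_check_old_cxxflags="$CXXFLAGS"` and `CXXFLAGS=$SSP_FLAGS`, restoring it after the test.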