diff options
author | Joseph Herlant <aerostitch@google.com> | 2020-01-25 07:37:45 -0800 |
---|---|---|
committer | jkoan <jkoan@users.noreply.github.com> | 2020-01-25 16:37:45 +0100 |
commit | 92768553ffbd17b2f9a994ecacdb5d746cb36395 (patch) | |
tree | 94e536af56afc25ace0921a481c5ef864cca56b8 | |
parent | 124bb45c180726e29c920978caee7cfe1080bad5 (diff) | |
download | navit-92768553ffbd17b2f9a994ecacdb5d746cb36395.tar.gz |
add:cmake: add compilation flags to harden the security of navit (#969)
* add:cmake: add compilation flags to harden the security of navit
* Try to add the compiler flags outside of the GCC condition
* Simplify the addition of compiler flags and do not rely on non-recommended CMake variable
* Is the O2 level of optimization helping the invalid arg detection?
* Leaving the optimization level up to the preference of the person building
Co-authored-by: Stefan Wildemann <metalstrolch@users.noreply.github.com>
Co-authored-by: jkoan <jkoan@users.noreply.github.com>
-rwxr-xr-x | CMakeLists.txt | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 214c638a6..f3f808b8f 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -826,17 +826,21 @@ CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/config.h.in" # functions implementing the interface of a plugin. # -Wno-sign-compare: We currently just use int almost everywhere. # Unclear if it's really worth correcting. -if(CMAKE_COMPILER_IS_GNUCC OR CCMAKE_COMPILER_IS_GNUCXX) - set(COMMON_COMPILER_FLAGS "-Wall -Wundef -Wcast-align -Wpointer-arith -Wno-unused-parameter -Wno-sign-compare") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}") - set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}") - # flags not available in old GCC versions, or not for both C and C++ - add_compiler_flag_if_available("-Wno-missing-field-initializers") - add_compiler_flag_if_available("-Wextra") - add_compiler_flag_if_available("-Wmissing-prototypes") - add_compiler_flag_if_available("-Wstrict-prototypes") - add_compiler_flag_if_available("-Wformat-security") -endif() +add_compiler_flag_if_available("-Wall") +add_compiler_flag_if_available("-Wno-unused-parameter") +add_compiler_flag_if_available("-Wno-sign-compare") +add_compiler_flag_if_available("-Wno-missing-field-initializers") +add_compiler_flag_if_available("-Wundef") +add_compiler_flag_if_available("-Wcast-align") +add_compiler_flag_if_available("-Wpointer-arith") +add_compiler_flag_if_available("-Wextra") +add_compiler_flag_if_available("-Wdate-time") +add_compiler_flag_if_available("-Wmissing-prototypes") +add_compiler_flag_if_available("-Wstrict-prototypes") +add_compiler_flag_if_available("-Wformat-security") +add_compiler_flag_if_available("-Werror=format-security") +add_compiler_flag_if_available("-fstack-protector-strong") +add_compiler_flag_if_available("-D_FORTIFY_SOURCE=2") if (EXTRA_DEFINES) add_definitions("${EXTRA_DEFINES}") |