diff options
author | Joseph Herlant <aerostitch@google.com> | 2020-01-25 07:37:45 -0800 |
---|---|---|
committer | Viktor Verebelyi <vviktor2@gmail.com> | 2020-09-22 02:15:58 +0100 |
commit | 3640b91e377bdb673d53887c64901966eb9a2604 (patch) | |
tree | f7ecd9cf572648d759317222f7cb7f11d8c6d8e5 | |
parent | b7386b0d4726bdd58ffc318053ac115e604e95b2 (diff) | |
download | navit-3640b91e377bdb673d53887c64901966eb9a2604.tar.gz |
add:cmake: add compilation flags to harden the security of navit (#969)
* add:cmake: add compilation flags to harden the security of navit
* Try to add the compiler flags outside of the GCC condition
* Simplify the addition of compiler flags and do not rely on non-recommended CMake variable
* Is the O2 level of optimization helping the invalid arg detection?
* Leaving the optimization level up to the preference of the person building
Co-authored-by: Stefan Wildemann <metalstrolch@users.noreply.github.com>
Co-authored-by: jkoan <jkoan@users.noreply.github.com>
-rwxr-xr-x | CMakeLists.txt | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 214c638a6..f3f808b8f 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -826,17 +826,21 @@ CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/config.h.in" # functions implementing the interface of a plugin. # -Wno-sign-compare: We currently just use int almost everywhere. # Unclear if it's really worth correcting. -if(CMAKE_COMPILER_IS_GNUCC OR CCMAKE_COMPILER_IS_GNUCXX) - set(COMMON_COMPILER_FLAGS "-Wall -Wundef -Wcast-align -Wpointer-arith -Wno-unused-parameter -Wno-sign-compare") - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}") - set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} ${COMMON_COMPILER_FLAGS}") - # flags not available in old GCC versions, or not for both C and C++ - add_compiler_flag_if_available("-Wno-missing-field-initializers") - add_compiler_flag_if_available("-Wextra") - add_compiler_flag_if_available("-Wmissing-prototypes") - add_compiler_flag_if_available("-Wstrict-prototypes") - add_compiler_flag_if_available("-Wformat-security") -endif() +add_compiler_flag_if_available("-Wall") +add_compiler_flag_if_available("-Wno-unused-parameter") +add_compiler_flag_if_available("-Wno-sign-compare") +add_compiler_flag_if_available("-Wno-missing-field-initializers") +add_compiler_flag_if_available("-Wundef") +add_compiler_flag_if_available("-Wcast-align") +add_compiler_flag_if_available("-Wpointer-arith") +add_compiler_flag_if_available("-Wextra") +add_compiler_flag_if_available("-Wdate-time") +add_compiler_flag_if_available("-Wmissing-prototypes") +add_compiler_flag_if_available("-Wstrict-prototypes") +add_compiler_flag_if_available("-Wformat-security") +add_compiler_flag_if_available("-Werror=format-security") +add_compiler_flag_if_available("-fstack-protector-strong") +add_compiler_flag_if_available("-D_FORTIFY_SOURCE=2") if (EXTRA_DEFINES) add_definitions("${EXTRA_DEFINES}") |