it looks like GCC 8 has sprouted some new security mitigation features:
https://gcc.gnu.org/gcc-8/changes.html
-fstack-clash-protection:
* The new option -fstack-clash-protection causes the compiler to insert
probes whenever stack space is allocated statically or dynamically to
reliably detect stack overflows and thus mitigate the attack vector that
relies on jumping over a stack guard page as provided by the operating
system.
-fcf-protection:
* A new option -fcf-protection=[full|branch|return|none] is introduced
to perform code instrumentation to increase program security by checking
that target addresses of control-flow transfer instructions (such as
indirect function call, function return, indirect jump) are valid.
Currently the instrumentation is supported on x86 GNU/Linux targets
only. See the user guide for further information about the option syntax
and section "New Targets and Target Specific Improvements" for
IA-32/x86-64 for more details.
the latter looks similar to MSVC's /guard:cf, which we don't use yet,
and might potentially run into issues with the C++/UNO bridge's dynamic
code generation.
https://docs.microsoft.com/en-us/cpp/build/reference/guard-enable-control-flow-guard
but i'm hoping the stack-clash-protection could be enabled without issues.
Context
- GCC 8 code generation · Michael Stahl
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.