Bug 1503589 - Enable strong stack protector by default. r=glandium
☠☠ backed out by 235c2ef758a1 ☠ ☠
authorGian-Carlo Pascutto <gcp@mozilla.com>
Tue, 13 Nov 2018 05:04:45 +0000
changeset 446554 40d19766439121cd6d231dbee225243d14939db0
parent 446553 9a65ee9355e8b014a8ff5fdb28e0f500f0aa652f
child 446555 922dd9f3b12d9d0a35336d383dfc02a6e504bd1a
push id35043
push userebalazs@mozilla.com
push dateThu, 15 Nov 2018 16:12:36 +0000
treeherdermozilla-central@59026ada59bd [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersglandium
bugs1503589
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1503589 - Enable strong stack protector by default. r=glandium Differential Revision: https://phabricator.services.mozilla.com/D11522
build/moz.configure/toolchain.configure
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1576,27 +1576,27 @@ def security_hardening_cflags(hardening_
         if compiler_is_gccish and optimize and not asan:
             # Don't enable FORTIFY_SOURCE on Android on the top-level, but do enable in js/
             if target.os != 'Android':
                 flags.append("-U_FORTIFY_SOURCE")
                 flags.append("-D_FORTIFY_SOURCE=2")
             js_flags.append("-U_FORTIFY_SOURCE")
             js_flags.append("-D_FORTIFY_SOURCE=2")
 
+        # fstack-protector ------------------------------------
+        # Enable only if hardening is not disabled and ASAN is
+        # not on as ASAN will catch the crashes for us
+        if compiler_is_gccish and not asan:
+            flags.append("-fstack-protector-strong")
+
     # If ASAN _is_ on, undefine FOTIFY_SOURCE just to be safe
     if asan:
         flags.append("-U_FORTIFY_SOURCE")
         js_flags.append("-U_FORTIFY_SOURCE")
 
-    # fstack-protector ------------------------------------
-    # Enable only if --enable-hardening is passed and ASAN is
-    # not on as ASAN will catch the crashes for us
-    if hardening_flag and compiler_is_gccish and not asan:
-        flags.append("-fstack-protector-strong")
-
     # fno-common -----------------------------------------
     # Do not merge variables for ASAN; can detect some subtle bugs
     if asan:
         # clang-cl does not recognize the flag, it must be passed down to clang
         if c_compiler.type == 'clang-cl':
             flags.append("-Xclang")
         flags.append("-fno-common")