aboutsummaryrefslogtreecommitdiffstats
path: root/main/llvm/clang-0010-alpine-use-z-now.patch
Commit message (Collapse)AuthorAgeFilesLines
* main/llvm: SSP by default, use -Wl,-z,nowTravis Tilley2015-06-291-0/+16
clang was already patched to do -Wl,-z,relro by default. now it also passes the equivalent of -Wl,-z,now. clang's normal behavior on linux defaults to using stack smashing protection whenever a function defines an 8 character or more local array. this is the equivalent of passing in -fstack-protector with no additional options in gcc. this release patches clang's default behavior to instead behave like -fstack-protector-strong was passed in, enabling the canary in many more conditions without the performance impact of adding it to ALL functions as is the case with -fstack-protector-all. these conditions include: local variable's address used as part of right hand side of assignment local variable's address used as function argument local variable is an array, regardless of array type or length same as above, but local variable is a union containing an array uses register local variables SSP can still be disabled by passing in -fno-stack-protector. You can still use -fstack-protector-all to add a canary to all functions.