1
# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
2
# DP: Build libgcc using -fno-stack-protector.
6
gcc/cp/lang-specs.h | 6 +++---
7
gcc/doc/invoke.texi | 4 ++++
8
gcc/gcc.c | 18 ++++++++++++++----
9
gcc/objc/lang-specs.h | 10 +++++-----
10
gcc/objcp/lang-specs.h | 8 ++++----
11
6 files changed, 32 insertions(+), 16 deletions(-)
13
Index: b/src/gcc/gcc.c
14
===================================================================
17
@@ -665,6 +665,14 @@ proper position among the other output f
18
#define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
21
+#ifndef SSP_DEFAULT_SPEC
22
+#ifdef TARGET_LIBC_PROVIDES_SSP
23
+#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:-fstack-protector}}}}"
25
+#define SSP_DEFAULT_SPEC ""
30
#ifdef TARGET_LIBC_PROVIDES_SSP
31
#define LINK_SSP_SPEC "%{fstack-protector:}"
32
@@ -804,6 +812,7 @@ static const char *cc1_spec = CC1_SPEC;
33
static const char *cc1plus_spec = CC1PLUS_SPEC;
34
static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
35
static const char *link_ssp_spec = LINK_SSP_SPEC;
36
+static const char *ssp_default_spec = SSP_DEFAULT_SPEC;
37
static const char *asm_spec = ASM_SPEC;
38
static const char *asm_final_spec = ASM_FINAL_SPEC;
39
static const char *link_spec = LINK_SPEC;
40
@@ -858,7 +867,7 @@ static const char *cpp_unique_options =
41
static const char *cpp_options =
42
"%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
43
%{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
44
- %{undef} %{save-temps*:-fpch-preprocess}";
45
+ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)";
47
/* This contains cpp options which are not passed when the preprocessor
48
output will be used by another program. */
49
@@ -1044,9 +1053,9 @@ static const struct compiler default_com
50
%{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
51
%(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
52
cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
54
+ %(cc1_options) %(ssp_default)}\
55
%{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
56
- cc1 %(cpp_unique_options) %(cc1_options)}}}\
57
+ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\
58
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
60
"%{!E:%e-E or -x required when input is from standard input}\
61
@@ -1069,7 +1078,7 @@ static const struct compiler default_com
62
%W{o*:--output-pch=%*}}%V}}}}}}", 0, 0, 0},
63
{".i", "@cpp-output", 0, 0, 0},
65
- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
66
+ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
67
{".s", "@assembler", 0, 0, 0},
69
"%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
70
@@ -1296,6 +1305,7 @@ static struct spec_list static_specs[] =
71
INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
72
INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
73
INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
74
+ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec),
75
INIT_STATIC_SPEC ("endfile", &endfile_spec),
76
INIT_STATIC_SPEC ("link", &link_spec),
77
INIT_STATIC_SPEC ("lib", &lib_spec),
78
Index: b/src/gcc/cp/lang-specs.h
79
===================================================================
80
--- a/src/gcc/cp/lang-specs.h
81
+++ b/src/gcc/cp/lang-specs.h
82
@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3.
83
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
84
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
85
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
87
+ %(cc1_options) %(ssp_default) %2\
88
%{!fsyntax-only:%{!fdump-ada-spec*:-o %g.s %{!o*:--output-pch=%i.gch}\
89
%W{o*:--output-pch=%*}}%V}}}}",
90
CPLUSPLUS_CPP_SPEC, 0, 0},
91
@@ -57,11 +57,11 @@ along with GCC; see the file COPYING3.
92
%(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
93
cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
94
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
96
+ %(cc1_options) %(ssp_default) %2\
97
%{!fsyntax-only:%(invoke_as)}}}}",
98
CPLUSPLUS_CPP_SPEC, 0, 0},
99
{".ii", "@c++-cpp-output", 0, 0, 0},
102
- cc1plus -fpreprocessed %i %(cc1_options) %2\
103
+ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
104
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
105
Index: b/src/gcc/params.def
106
===================================================================
107
--- a/src/gcc/params.def
108
+++ b/src/gcc/params.def
109
@@ -685,7 +685,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
110
DEFPARAM (PARAM_SSP_BUFFER_SIZE,
112
"The lower bound for a buffer to be considered for stack smashing protection",
116
DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING,
117
"min-size-for-stack-sharing",
118
Index: b/src/gcc/objc/lang-specs.h
119
===================================================================
120
--- a/src/gcc/objc/lang-specs.h
121
+++ b/src/gcc/objc/lang-specs.h
122
@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
123
%{traditional|traditional-cpp:\
124
%eGNU Objective C no longer supports traditional compilation}\
125
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
126
- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
127
+ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\
128
%{!save-temps*:%{!no-integrated-cpp:\
129
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
130
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\
131
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
132
{"@objective-c-header",
133
"%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
134
@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3.
135
%{traditional|traditional-cpp:\
136
%eGNU Objective C no longer supports traditional compilation}\
137
%{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
138
- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
139
+ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
140
-o %g.s %{!o*:--output-pch=%i.gch}\
141
%W{o*:--output-pch=%*}%V}\
142
%{!save-temps*:%{!no-integrated-cpp:\
143
- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
144
+ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
145
-o %g.s %{!o*:--output-pch=%i.gch}\
146
%W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
147
{".mi", "@objective-c-cpp-output", 0, 0, 0},
148
{"@objective-c-cpp-output",
149
- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
150
+ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
151
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
153
"%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
154
- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
155
+ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
156
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
157
Index: b/src/gcc/objcp/lang-specs.h
158
===================================================================
159
--- a/src/gcc/objcp/lang-specs.h
160
+++ b/src/gcc/objcp/lang-specs.h
161
@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
162
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
163
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
164
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
166
+ %(cc1_options) %(ssp_default) %2\
167
-o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
168
CPLUSPLUS_CPP_SPEC, 0, 0},
170
@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
171
%(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
172
cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
173
%{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
175
+ %(cc1_options) %(ssp_default) %2\
176
%{!fsyntax-only:%(invoke_as)}}}}",
177
CPLUSPLUS_CPP_SPEC, 0, 0},
178
{".mii", "@objective-c++-cpp-output", 0, 0, 0},
179
{"@objective-c++-cpp-output",
181
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
182
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
183
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
184
{"@objc++-cpp-output",
185
"%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
187
- cc1objplus -fpreprocessed %i %(cc1_options) %2\
188
+ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
189
%{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
190
Index: b/src/gcc/doc/invoke.texi
191
===================================================================
192
--- a/src/gcc/doc/invoke.texi
193
+++ b/src/gcc/doc/invoke.texi
194
@@ -9242,6 +9242,10 @@ functions with buffers larger than 8 byt
195
when a function is entered and then checked when the function exits.
196
If a guard check fails, an error message is printed and the program exits.
198
+NOTE: In Ubuntu 6.10 and later versions this option is enabled by default
199
+for C, C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
200
+@option{-nostdlib}, nor @option{-ffreestanding} are found.
202
@item -fstack-protector-all
203
@opindex fstack-protector-all
204
Like @option{-fstack-protector} except that all functions are protected.
205
@@ -9843,6 +9847,9 @@ protection when @option{-fstack-protecti
206
The minimum size of variables taking part in stack slot sharing when not
207
optimizing. The default value is 32.
209
+This default before Ubuntu 10.10 was "8". Currently it is "4", to increase
210
+the number of functions protected by the stack protector.
212
@item max-jump-thread-duplication-stmts
213
Maximum number of statements allowed in a block that needs to be
214
duplicated when threading jumps.
added
removed
debian/patches/gcc-default-ssp.diff
