cmake: Allow selection of libc API overflow detection mode

This adds a choice of three different libc API buffer overflow detection
modes:

 * None
 * Compile-time
 * Compile-time and Run-time

These correspond with the clang/gcc _FORTIFY_SOURCE modes (0/1/2).
_FORTIFY_SOURCE depends on compiler optimizations and requires libc support
which the minimal C library doesn't include, so _FORTIFY_SOURCE is disabled
by default in those cases. Native tooling might also enable
_FORTIFY_SOURCE, so don't enable it by default in that case either.

Signed-off-by: Keith Packard <keithp@keithp.com>
Keith Packard 2022-04-26 19:24:11 -07:00 committed by Stephanos Ioannidis
commit 62bc9bf3e5
6 changed files with 52 additions and 6 deletions


@ -157,7 +157,8 @@ if(NOT CONFIG_NO_OPTIMIZATIONS)
# _FORTIFY_SOURCE: Detect common-case buffer overflows for certain functions
# _FORTIFY_SOURCE=1 : Compile-time checks (requires -O1 at least)
# _FORTIFY_SOURCE=2 : Additional lightweight run-time checks
set_compiler_property(PROPERTY security_fortify _FORTIFY_SOURCE=2)
set_compiler_property(PROPERTY security_fortify_compile_time _FORTIFY_SOURCE=1)
set_compiler_property(PROPERTY security_fortify_run_time _FORTIFY_SOURCE=2)
endif()
# gcc flag for a hosted (no-freestanding) application
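Review bot: Both new properties are still set only inside the if(NOT CONFIG_NO_OPTIMIZATIONS) block this hunk sits in, so with optimizations disabled security_fortify_compile_time and security_fortify_run_time are both empty and a selected detection mode silently does nothing. Consider making the mode choice depend on optimizations being enabled, or stating the restriction in the comment above these lines. Also, going by the 7-to-8 line count in the hunk header, the old security_fortify property is dropped rather than kept as an alias, so any toolchain file or consumer that still reads it gets an empty value; please confirm every reference was renamed, or keep a short-lived alias.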