mirrors/aports
3
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-04-20 08:26:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
aports/main/clang17/30-Enable-stack-protector-by-default-for-Alpine-Linux.patch
Natanael Copa 9ecf95cdfe main/clang17: new aport
2023-10-26 10:31:58 +02:00

90 lines
4.2 KiB
Diff
Raw Permalink Blame History

diff --git a/lib/Driver/ToolChains/Gnu.cpp b/lib/Driver/ToolChains/Gnu.cpp
index 4f23403..da6883e 100644
--- a/lib/Driver/ToolChains/Gnu.cpp
+++ b/lib/Driver/ToolChains/Gnu.cpp
@@ -588,6 +588,10 @@ void tools::gnutools::Linker::ConstructJob(Compilation &C, const JobAction &JA,
CmdArgs.push_back("-lm");
}
+ if (!Args.hasArg(options::OPT_nostdlib, options::OPT_nostartfiles, options::OPT_nodefaultlibs)) {
+ CmdArgs.push_back("-lssp_nonshared");
+ }
+
// Silence warnings when linking C code with a C++ '-stdlib' argument.
Args.ClaimAllArgs(options::OPT_stdlib_EQ);
diff --git a/lib/Driver/ToolChains/Linux.h b/lib/Driver/ToolChains/Linux.h
index 52439174..d754b543 100644
--- a/lib/Driver/ToolChains/Linux.h
+++ b/lib/Driver/ToolChains/Linux.h
@@ -11,6 +11,7 @@
#include "Gnu.h"
#include "clang/Driver/ToolChain.h"
+#include "clang/Basic/LangOptions.h"
namespace clang {
namespace driver {
@@ -63,7 +64,15 @@ public:
const llvm::opt::ArgList &DriverArgs, const JobAction &JA,
const llvm::fltSemantics *FPType = nullptr) const override;
const char *getDefaultLinker() const override;
+ LangOptions::StackProtectorMode
+ GetDefaultStackProtectorLevel(bool KernelOrKext) const override {
+ StringRef VendorName = Linux::getTriple().getVendorName();
+ if (VendorName.compare("alpine") == 0)
+ return LangOptions::SSPStrong;
+
+ return LangOptions::SSPOff;
+ }
protected:
Tool *buildAssembler() const override;
diff --git a/test/Driver/fsanitize.c b/test/Driver/fsanitize.c
index 8ad6dc25..1619b59a 100644
--- a/test/Driver/fsanitize.c
+++ b/test/Driver/fsanitize.c
@@ -695,12 +695,12 @@
// RUN: %clang -fno-sanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=NOSP
// NOSP-NOT: "-fsanitize=safe-stack"
-// RUN: %clang --target=x86_64-linux-gnu -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=NO-SP
+// RUN: %clang --target=x86_64-linux-gnu -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=SP
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=address,safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=SP-ASAN
// RUN: %clang --target=x86_64-linux-gnu -fstack-protector -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=SP
// RUN: %clang --target=x86_64-linux-gnu -fsanitize=safe-stack -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=SP
-// RUN: %clang --target=arm-linux-androideabi -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=NO-SP
-// RUN: %clang --target=aarch64-linux-android -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=NO-SP
+// RUN: %clang --target=arm-linux-androideabi -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=SP
+// RUN: %clang --target=aarch64-linux-android -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=SP
// RUN: %clang --target=i386-contiki-unknown -fsanitize=safe-stack -### %s 2>&1 | FileCheck %s -check-prefix=NO-SP
// NO-SP-NOT: stack-protector
// NO-SP: "-fsanitize=safe-stack"
diff --git a/test/Driver/stack-protector.c b/test/Driver/stack-protector.c
index 16937691..80987f67 100644
--- a/test/Driver/stack-protector.c
+++ b/test/Driver/stack-protector.c
@@ -33,6 +33,22 @@
// SSP-PS4-BUF: "-stack-protector" "2"
// SSP-PS4-BUF: "-stack-protector-buffer-size" "16"
+// Test default stack protector values for Alpine
+
+// RUN: %clang -target x86_64-alpine-linux-musl -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE
+// ALPINE: "-stack-protector" "2"
+
+// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_SPS
+// ALPINE_SPS: "-stack-protector" "2"
+
+// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_ALL
+// ALPINE_ALL: "-stack-protector" "3"
+// ALPINE_ALL-NOT: "-stack-protector-buffer-size"
+
+// RUN: %clang -target x86_64-alpine-linux-musl -fno-stack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_NOSSP
+// ALPINE_NOSSP-NOT: "-stack-protector"
+// ALPINE_NOSSP-NOT: "-stack-protector-buffer-size"
+
// Test default stack protector values for Darwin platforms
// RUN: %clang -target armv7k-apple-watchos2.0 -### %s 2>&1 | FileCheck %s -check-prefix=SSP_WATCHOS
Reference in a new issue View git blame Copy permalink