[Libvir] Turn on compiler buffer checks

Daniel P. Berrange berrange at redhat.com
Wed Mar 21 02:41:06 UTC 2007


Since testing the latest Fedora RPMs I've hit a number of buffer overflow
issues which were caught by the extra compiler checks Fedora turns on. It
would be much better if we caught these before release, so the attached
patch modifies the configure script so that the following options are always
turned on if the compiler supports them:

  -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
  --param=ssp-buffer-size=4 -fasynchronous-unwind-tables 

Since all our production builds use these flags & the patch only enables
them if the compiler has support I don't see any issue with having them
turned on by default.

In addition I altered the existing configure compiler flag checks so that
every compiler flag we turned on is explicitly checked to see if supported
by the current compiler rather than doing a crude $CC=gcc heuristic which
doesn't take account of differing gcc version numbers.

If we wanted super-extra paranoia we could also turn on -fstack-protector-all,
possibly only with --enable-compile-warnings=maximum, since it adds more
non-trivial performance overhead.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 
-------------- next part --------------
Index: acinclude.m4
===================================================================
RCS file: /data/cvs/libvirt/acinclude.m4,v
retrieving revision 1.1
diff -u -r1.1 acinclude.m4
--- acinclude.m4	1 Mar 2007 16:18:55 -0000	1.1
+++ acinclude.m4	21 Mar 2007 02:32:20 -0000
@@ -12,57 +12,54 @@
     AC_ARG_ENABLE(compile-warnings,
                   AC_HELP_STRING([--enable-compile-warnings=@<:@no/minimum/yes/maximum/error@:>@],
                                  [Turn on compiler warnings]),,
-                  [enable_compile_warnings="m4_default([$1],[yes])"])
+                  [enable_compile_warnings="m4_default([$1],[maximum])"])
 
     warnCFLAGS=
-    if test "x$GCC" != xyes; then
-	enable_compile_warnings=no
-    fi
 
-    warning_flags=
-    realsave_CFLAGS="$CFLAGS"
+    try_compiler_flags="-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -fasynchronous-unwind-tables"
 
     case "$enable_compile_warnings" in
     no)
-	warning_flags=
 	;;
     minimum)
-	warning_flags="-Wall"
+	try_compiler_flags="$try_compiler_flags -Wall"
 	;;
     yes)
-	warning_flags="-Wall -Wmissing-prototypes"
+	try_compiler_flags="$try_compiler_flags -Wall -Wmissing-prototypes"
 	;;
     maximum|error)
-	warning_flags="-Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith"
-        warning_flags="$warning_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Winline -Wredundant-decls"
-	CFLAGS="$warning_flags $CFLAGS"
-	for option in -Wno-sign-compare; do
-		SAVE_CFLAGS="$CFLAGS"
-		CFLAGS="$CFLAGS $option"
-		AC_MSG_CHECKING([whether gcc understands $option])
-		AC_TRY_COMPILE([], [],
-			has_option=yes,
-			has_option=no,)
-		CFLAGS="$SAVE_CFLAGS"
-		AC_MSG_RESULT($has_option)
-		if test $has_option = yes; then
-		  warning_flags="$warning_flags $option"
-		fi
-		unset has_option
-		unset SAVE_CFLAGS
-	done
-	unset option
+	try_compiler_flags="$try_compiler_flags -Wall -Wmissing-prototypes -Wnested-externs -Wpointer-arith"
+        try_compiler_flags="$try_compiler_flags -Wextra -Wshadow -Wcast-align -Wwrite-strings -Waggregate-return"
+	try_compiler_falgs="$try_compiler_flags -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare"
 	if test "$enable_compile_warnings" = "error" ; then
-	    warning_flags="$warning_flags -Werror"
+	    try_compiler_flags="$try_compiler_flags -Werror"
 	fi
 	;;
     *)
 	AC_MSG_ERROR(Unknown argument '$enable_compile_warnings' to --enable-compile-warnings)
 	;;
     esac
+
+    compiler_flags=
+    for option in $try_compiler_flags; do
+	SAVE_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $option"
+	AC_MSG_CHECKING([whether gcc understands $option])
+	AC_TRY_COMPILE([], [],
+		has_option=yes,
+		has_option=no,)
+	CFLAGS="$SAVE_CFLAGS"
+	AC_MSG_RESULT($has_option)
+	if test $has_option = yes; then
+	  compiler_flags="$compiler_flags $option"
+	fi
+	unset has_option
+	unset SAVE_CFLAGS
+    done
+    unset option
+    unset try_compiler_flags
+
     CFLAGS="$realsave_CFLAGS"
-    AC_MSG_CHECKING(what warning flags to pass to the C compiler)
-    AC_MSG_RESULT($warning_flags)
 
     AC_ARG_ENABLE(iso-c,
                   AC_HELP_STRING([--enable-iso-c],
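Review bot: The added line `try_compiler_falgs="$try_compiler_flags -Wstrict-prototypes -Winline -Wredundant-decls -Wno-sign-compare"` in the `maximum|error` arm assigns to a misspelled variable, so those four flags never reach the probe loop; the left-hand side should be `try_compiler_flags`. The hunk also removes `realsave_CFLAGS="$CFLAGS"` while the context line `CFLAGS="$realsave_CFLAGS"` after the loop remains, so unless that variable is set outside the hunk, CFLAGS is reset to empty and the user's optimisation flags are lost; `_FORTIFY_SOURCE` checks only take effect when optimisation is enabled, so this would quietly disable the hardening the patch is meant to add. Either keep the save or drop the restore, since the loop already restores CFLAGS from `SAVE_CFLAGS` on each pass. The macro body starts before this hunk and continues past it.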
@@ -85,6 +82,6 @@
     fi
     AC_MSG_RESULT($complCFLAGS)
 
-    WARN_CFLAGS="$warning_flags $complCFLAGS"
+    WARN_CFLAGS="$compiler_flags $complCFLAGS"
     AC_SUBST(WARN_CFLAGS)
 ])
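Review bot: `WARN_CFLAGS` now carries code-generation hardening flags (`-fstack-protector`, `-D_FORTIFY_SOURCE=2`) as well as warnings, and the name no longer says so. Any target whose Makefile does not add `$(WARN_CFLAGS)` would presumably be built without them, which cannot be checked from this hunk. I would add a comment above the assignment such as `dnl WARN_CFLAGS also carries the hardening flags probed above; every target must include it`. The enclosing macro starts outside the hunk.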

