On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote: > Hi Florian, > > Thanks very much for your reply. > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2 > also has runtime checks for variable length? Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size at compile time. But they are runtime checks: the input size is compared with the buffer size at runtime. They are not a pure compile- time checking like -Wstringop-overflow. -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet). -- Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx> School of Aerospace Science and Technology, Xidian University
