Hi Xi, Thanks for your reply. Then what is the difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 exactly? The resulting binary size doesn't seem to differ much? Thanks, Reinoud. On Wed, Mar 2, 2022, 11:46 AM Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx> wrote: > On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote: > > Hi Florian, > > > > Thanks very much for your reply. > > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2 > > also has runtime checks for variable length? > > Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size > at compile time. But they are runtime checks: the input size is > compared with the buffer size at runtime. They are not a pure compile- > time checking like -Wstringop-overflow. > > -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length > buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet). > -- > Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx> > School of Aerospace Science and Technology, Xidian University >
