One more question, for FORTIFY_SOURCE=2, can I use either -O1 or -O2 optimization flags? I noticed it doesn't like -Os. Thanks, Reinoud. On Wed, Mar 2, 2022, 12:45 PM Reinoud Koornstra <reinoudkoornstra@xxxxxxxxx> wrote: > Thanks for the explanation! > Better to use =2 then. > But Strack protector and FORTIFY can be active as compiler arguments at > the same time as I understand. Just the binary size will grow. Thanks, > > Reinoud. > > On Wed, Mar 2, 2022, 12:23 PM Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx> wrote: > >> On Wed, 2022-03-02 at 12:05 -0800, Reinoud Koornstra wrote: >> > Hi Xi, >> > >> > Thanks for your reply. >> > Then what is the difference between -D_FORTIFY_SOURCE=1 and >> -D_FORTIFY_SOURCE=2 exactly? >> >> -D_FORTIFY_SOURCE=1 uses __builtin_object_size(..., 0) as the buffer >> size, but -D_FORTIFY_SOURCE=2 uses __builtin_object_size(..., 1). Read >> https://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html for the >> details. >> >> One case is: >> >> struct frame >> { >> int size; >> char buf[0]; >> }; >> >> union >> { >> struct frame f; >> char padding[100 + sizeof(struct frame)]; >> } u; >> >> u.frame.size = strlen(s) + 1; >> strcpy(u.frame.buf, s); >> >> -D_FORTIFY_SOURCE=2 will abort this, but -D_FORTIFY_SOURCE=1 won't. >> (Yes, I know "char buf[0]" should be changed to a flexible array member >> "char buf[]" to fix this, but it is just an example.) >> -- >> Xi Ruoyao <xry111@xxxxxxxxxxxxxxxx> >> School of Aerospace Science and Technology, Xidian University >> >
