Reference: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source Reference: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level Signed-off-by: Sam James <sam@xxxxxxxxxx> --- man7/feature_test_macros.7 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7 index cdd962f7f..f057c1c87 100644 --- a/man7/feature_test_macros.7 +++ b/man7/feature_test_macros.7 @@ -634,9 +634,23 @@ and result in compiler warnings; other checks take place at run time, and result in a run-time error if the check fails. .IP +With +.B _FORTIFY_SOURCE +set to 3, additional checking is added to intercept some function +calls used with an argument of variable size where the compiler can +deduce an upper bound for its value. +For example, a program where malloc's size argument is variable +can now be fortified. +.IP Use of this macro requires compiler support, available with .BR gcc (1) since version 4.0. +.IP +For use of +.B _FORTIFY_SOURCE +set to 3, then +.BR gcc (1) +version 12.0 or later is required. .SS Default definitions, implicit definitions, and combining definitions If no feature test macros are explicitly defined, then the following feature test macros are defined by default: -- 2.38.0
