From fd62692872793b340acd0af90d0e3ec8a59deb7c Mon Sep 17 00:00:00 2001 From: serge-sans-paille Date: Tue, 17 Sep 2024 14:40:24 +0000 Subject: [PATCH] Bug 1913118 - Use -fstrict-flex-arrays=1 in hardened mode r=glandium There's no point to activate -fstrict-flex-arrays=3 as there's a lot of situation where the char [0] syntax is used, including in generated code. There's no point to activate -fstrict-flex-arrays=2 as at least sqlite and icu use the char [1] syntax. Differential Revision: https://phabricator.services.mozilla.com/D219851 --- build/moz.configure/toolchain.configure | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/build/moz.configure/toolchain.configure b/build/moz.configure/toolchain.configure index 1c6a6a6b6f72..19ef32d97a41 100644 --- a/build/moz.configure/toolchain.configure +++ b/build/moz.configure/toolchain.configure @@ -2865,6 +2865,13 @@ def security_hardening_cflags( if debug: flags.extend(trivial_auto_var_init) + if (c_compiler.type == "clang" and c_compiler.version >= "16") or ( + c_compiler.type == "gcc" and c_compiler.version >= "13" + ): + # Cannot use level 3 because we have many uses of the [0] GNU syntax. + # Cannot use level 2 because sqlite3 and icu use the [1] GNU syntax. + flags.append("-fstrict-flex-arrays=1") + # ASLR ------------------------------------------------ # ASLR (dynamicbase) is enabled by default in clang-cl; but the # mingw-clang build requires it to be explicitly enabled