build: improve stack protector check

Testing a toolchain for proper -fstack-protector must go beyond ensuring the compiler and linker accept the option. If the test C program does nothing with the stack then guards aren't inserted and/or are optimized away giving the false impression that it works when in fact the libc might not support it. Update the check to a program that uses the stack, hence making a link fail if proper support isn't available, for example in non-ssp enabled uclibc toolchains like this: test.c:(.text.startup+0x64): undefined reference to `__stack_chk_fail' Signed-off-by: Gustavo Zacarias <[email protected]> Reviewed-by: Jeremy Allison <[email protected]> Reviewed-by: Ralph Böhme <[email protected]> Autobuild-User(master): Jeremy Allison <[email protected]> Autobuild-Date(master): Mon Sep 21 23:29:13 CEST 2015 on sn-devel-104
kamenim · Sep 21, 2015 · 1399198 · 1399198
1 parent b4747b6
commit 1399198
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
@@ -657,9 +657,23 @@ def SAMBA_CONFIG_H(conf, path=None):
     if not IN_LAUNCH_DIR(conf):
         return
 
-    if conf.CHECK_CFLAGS(['-fstack-protector']) and conf.CHECK_LDFLAGS(['-fstack-protector']):
-        conf.ADD_CFLAGS('-fstack-protector')
-        conf.ADD_LDFLAGS('-fstack-protector')
+    # we need to build real code that can't be optimized away to test
+    if conf.check(fragment='''
+        #include <stdio.h>
+
+        int main(void)
+        {
+            char t[100000];
+            while (fgets(t, sizeof(t), stdin));
+            return 0;
+        }
+        ''',
+        execute=0,
+        ccflags='-fstack-protector',
+        ldflags='-fstack-protector',
+        msg='Checking if toolchain accepts -fstack-protector'):
+            conf.ADD_CFLAGS('-fstack-protector')
+            conf.ADD_LDFLAGS('-fstack-protector')
 
     if Options.options.debug:
         conf.ADD_CFLAGS('-g', testflags=True)