Switch to -fstack-protector-strong

This compiler option is already used for ChromeOS, but not yet on other platforms because there is push back against enabling an option resulting in ~1-2% lower performance and ~2-3% larger binaries. The size increase on Android is something they care a lot about since some devices have very little storage space. That also means ever so slightly higher memory/cache usage but not by the full 2-3%. Original License: MIT - https://spdx.org/licenses/MIT.html License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
CalyxOS · Mar 8, 2023 · e736ed3 · e736ed3
1 parent 7fa5d0f
commit e736ed3
Showing 1 changed file with 1 addition and 7 deletions.
diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
@@ -314,18 +314,12 @@ config("compiler") {
         cflags += [ "-fstack-protector" ]
       }
     } else if ((is_posix && !is_chromeos && !is_nacl) || is_fuchsia) {
-      # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc supports it.
-      # See also https://crbug.com/533294
-      if (current_os != "zos") {
-        cflags += [ "--param=ssp-buffer-size=4" ]
-      }
-
       # The x86 toolchain currently has problems with stack-protector.
       if (is_android && current_cpu == "x86") {
         cflags += [ "-fno-stack-protector" ]
       } else if (current_os != "aix") {
         # Not available on aix.
-        cflags += [ "-fstack-protector" ]
+        cflags += [ "-fstack-protector-strong" ]
       }
     }