Add clang hardening flags that we added for gcc#83
Conversation
* -fstack-clash-protection * -fstack-protector-strong * -fstrict-flex-arrays=3 * -D_FORTIFY_SOURCE=3 * -Wconversion * -Wformat-security
derobins
requested review from
gaoikawa,
jordan-turbofish,
kurtmcmillan and
riley-dixon
as code owners
There was a problem hiding this comment.
Pull request overview
This PR adds compiler hardening flags to the Clang configuration that were previously added for GCC, improving security and code safety through stack protection, strict flex arrays, source fortification, and additional security-related warnings.
Key Changes:
- Added stack protection flags (
-fstack-clash-protection,-fstack-protector-strong) - Enabled strict flex array checking and fortification (
-fstrict-flex-arrays=3,-D_FORTIFY_SOURCE=3) - Added security-focused warning flags (
-Wconversion,-Wformat-security)
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| get_ais_gnu_warning_flags(compiler_flags ${compiler_version}) | ||
| elseif(compiler_id STREQUAL "Clang") | ||
| get_ais_clang_warning_flags(compiler_flags compiler_version) | ||
| get_ais_clang_warning_flags(compiler_flags ${compiler_version}) |
There was a problem hiding this comment.
Oops. This has probably been broken for a while...
Prevents trojan code injection
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Uh oh!
There was an error while loading. Please reload this page.