Skip to content

Link with cetCompat flag#19469

Merged
seanbudd merged 2 commits into
nvaccess:masterfrom
LeonarddeR:cetCompat
Jan 21, 2026
Merged

Link with cetCompat flag#19469
seanbudd merged 2 commits into
nvaccess:masterfrom
LeonarddeR:cetCompat

Conversation

@LeonarddeR
Copy link
Copy Markdown
Collaborator

@LeonarddeR LeonarddeR commented Jan 19, 2026
edited
Loading

Link to issue number:

Fixes #19435

Summary of the issue:

NVDA on X86 and X64 is not linked with the /CETCOMPAT flag. This flag should improve security.

Description of user facing changes:

None

Description of developer facing changes:

None

Description of development approach:

Add the flag, but only on X64 and X86.

Testing strategy:

System tests, ensured that the flag is set in binaries. See #19435 (comment)

Known issues with pull request:

None

Code Review Checklist:

  • Documentation:
    • Change log entry
    • User Documentation
    • Developer / Technical Documentation
    • Context sensitive help for GUI changes
  • Testing:
    • Unit tests
    • System (end to end) tests
    • Manual testing
  • UX of all users considered:
    • Speech
    • Braille
    • Low Vision
    • Different web browsers
    • Localization in other languages / culture than English
  • API is compatible with existing add-ons.
  • Security precautions taken.

@LeonarddeR LeonarddeR requested a review from a team as a code owner January 19, 2026 10:10
@LeonarddeR LeonarddeR marked this pull request as draft January 19, 2026 10:10
Copilot AI reviewed Jan 19, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds the /CETCOMPAT linker flag to improve security for NVDA builds on x86 and x64 architectures, as specified in issue #19435. This flag enables Control-flow Enforcement Technology (CET) compatibility, which is a hardware-assisted security feature available in modern Intel and AMD processors.

Changes:

  • Added /CETCOMPAT linker flag for x86 and x86_64 builds (excluding ARM64 and ARM64EC)
  • Updated copyright year to 2026

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@SaschaCowley SaschaCowley added the conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review. label Jan 20, 2026
@LeonarddeR
Copy link
Copy Markdown
Collaborator Author

LeonarddeR commented Jan 20, 2026

According to what @mdlawler wrote in #19435 (comment), the current implementation works as expected.

@LeonarddeR LeonarddeR changed the title POC: Link with cetCompat flag Link with cetCompat flag Jan 20, 2026
@LeonarddeR LeonarddeR marked this pull request as ready for review January 20, 2026 12:37
seanbudd
seanbudd approved these changes Jan 21, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@seanbudd seanbudd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @LeonarddeR

@seanbudd seanbudd merged commit 7bad8be into nvaccess:master Jan 21, 2026
37 of 39 checks passed
@github-actions github-actions Bot added this to the 2026.2 milestone Jan 21, 2026
tareh7z pushed a commit to tareh7z/nvda that referenced this pull request Feb 16, 2026
@LeonarddeR @tareh7z
Link with cetCompat flag (nvaccess#19469)
1a60de2 
Fixes nvaccess#19435
Summary of the issue:

NVDA on X86 and X64 is not linked with the /CETCOMPAT flag. This flag should improve security.
Description of user facing changes:

None
Description of developer facing changes:

None
Description of development approach:

Add the flag, but only on X64 and X86.
@nvdaes nvdaes mentioned this pull request Apr 11, 2026
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@seanbudd seanbudd seanbudd approved these changes

@SaschaCowley SaschaCowley Awaiting requested review from SaschaCowley SaschaCowley is a code owner automatically assigned from nvaccess/developers

Assignees

No one assigned

Labels

conceptApproved Similar 'triaged' for issues, PR accepted in theory, implementation needs review.

Projects

None yet

Milestone

2026.2

Development

Successfully merging this pull request may close these issues.

use the /CETCOMPAT flag while linking any NVDA exe or dll files

4 participants

@LeonarddeR @seanbudd @SaschaCowley