airbus-seclab / c-compiler-security

Security-related flags and options for C compilers
https://airbus-seclab.github.io/c-compiler-security/
Creative Commons Attribution Share Alike 4.0 International

Moar options! #22

Open kees opened 1 year ago

kees commented 1 year ago

-D_FORTIFY_SOURCE=3 exists now.

-ftrivial-auto-var-init=zero is in GCC 12+ and Clang.

-fsanitize=bounds -fsanitize-undefined-trap-on-error for trivial checking of known-size arrays.

-fstrict-flex-arrays will be in GCC 13+ and Clang 16+, but likely requires some very careful management of some header files, especially anything using the very ancient struct sockaddr. But it'll gain coverage of trailing arrays that would otherwise be ignored by FORTIFY and sanitize=bounds.
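What `-fstrict-flex-arrays` changes for the object-size information FORTIFY relies on, as an added example that is not part of the issue thread or the project's own code. The struct names and helper functions are constructed for illustration, and `__builtin_object_size` stands in for the bound a fortified libc call would consult.

```c
/* Added example. Build twice and compare the output:
 *   cc -O2 flex.c
 *   cc -O2 -fstrict-flex-arrays=3 flex.c     (GCC 13+ / Clang 16+) */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed type: fixed-size trailing array used as a variable-length
 * buffer, the same shape as the data member of struct sockaddr. */
struct legacy_msg { size_t len; char data[4]; };

/* Constructed type: C99 flexible array member. */
struct fam_msg { size_t len; char data[]; };

/* Size the compiler assigns to the buffer when it cannot see the allocation.
 * (size_t)-1 means "unknown": a fortified call has nothing to check against. */
__attribute__((noinline)) size_t legacy_bound(struct legacy_msg *m) {
    return __builtin_object_size(m->data, 1);
}
__attribute__((noinline)) size_t fam_bound(struct fam_msg *m) {
    return __builtin_object_size(m->data, 1);
}

/* Allocate a message with room for len bytes; NULL on overflow or OOM. */
struct fam_msg *fam_new(size_t len) {
    if (len > SIZE_MAX - sizeof(struct fam_msg)) return NULL;
    struct fam_msg *m = calloc(1, sizeof(*m) + len);
    if (m) m->len = len;
    return m;
}

/* A true flexible array stays unbounded for __builtin_object_size, so the
 * stored length is the check. Returns 0 on success, -1 if out of range. */
int fam_store(struct fam_msg *m, size_t idx, char c) {
    if (m == NULL || idx >= m->len) return -1;
    m->data[idx] = c;
    return 0;
}

int main(void) {
    struct legacy_msg lm = { 0, {0} };
    struct fam_msg *m = fam_new(8);
    size_t lb = legacy_bound(&lm);
    printf("data[4]: %s\n", lb == (size_t)-1 ? "unbounded" : "bounded to 4 bytes");
    printf("data[]:  %s\n", m && fam_bound(m) == (size_t)-1 ? "unbounded" : "bounded");
    printf("store at index 8 of 8: %d\n", fam_store(m, 8, 'x'));
    free(m);
    return 0;
}
```

Code that deliberately over-allocates a `data[4]`-style struct and writes past the fourth byte will trip checks once the strict level is enabled, which is the header clean-up the comment above refers to.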

trou commented 1 year ago

I updated the page for GCC 12; I still have to cover the modern versions of Clang.