andlabs / libui

Simple and portable (but not inflexible) GUI library in C that uses the native GUI technologies of each platform it supports.

harden the build #6

Open andlabs opened 9 years ago

andlabs commented 9 years ago

see https://github.com/telegramdesktop/tdesktop/issues/1112

TODO other sanitizers?

jvoisin commented 9 years ago

There is a small list of things to consider here.

andlabs commented 9 years ago

Thanks; I'll keep this in mind too.

andlabs commented 9 years ago

also use the clang static analyzer

andlabs commented 8 years ago

-fsanitize=memory

asarubbo commented 8 years ago

Hello. While it is fine to add hardening flags to prevent overflows from being exploited, if you are talking about asan, just consider this: http://www.openwall.com/lists/oss-security/2016/02/17/9

andlabs commented 8 years ago

Yes, I'm aware I'm using "hardening" as a generic term here. With the cmake scripts I have set up I can make it so that asan and what not are only included in the debugging builds if I do switch them on (and I really should); thanks for the note!

andlabs commented 6 years ago

https://github.com/golang/go/issues/23937#issuecomment-375763928

andlabs commented 6 years ago

http://clang.llvm.org/docs/ControlFlowIntegrity.html

DemiMarie commented 6 years ago

If using clang, we can use -fsanitize=undefined -fsanitize-trap-on-error in production. That is not only safe, but also a significant security improvement.

andlabs commented 6 years ago

Interesting. Do you have any more information (such as links) about those options?
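
The split discussed in this thread (diagnostic sanitizers only in Debug builds, exploit-mitigation flags and trap-mode UBSan in Release), sketched as a CMake fragment. This is an added example, not part of the thread and not libui's own build scripts; the function `harden_target`, the variables `HARDEN_DEBUG_SANITIZER` and `HARDEN_UBSAN_TRAP`, and the target name are hypothetical, and the trap mode is written as `-fsanitize-trap=undefined`, the spelling in Clang's documentation.

```cmake
# Added example; requires CMake >= 3.13 (target_link_options) and GCC or Clang.
# Hypothetical knobs: which diagnostic sanitizer Debug builds get, and
# whether Release builds get trap-mode UBSan.
set(HARDEN_DEBUG_SANITIZER "address" CACHE STRING "address, memory or none")
option(HARDEN_UBSAN_TRAP "Trap on undefined behaviour in Release (Clang)" ON)

function(harden_target tgt)
  if(NOT CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")
    return()  # the flags below are GCC/Clang spellings
  endif()

  # Mitigations that are safe to ship: present in every configuration.
  target_compile_options(${tgt} PRIVATE -fstack-protector-strong)
  # _FORTIFY_SOURCE only takes effect with optimisation, so skip Debug.
  target_compile_definitions(${tgt} PRIVATE
    $<$<NOT:$<CONFIG:Debug>>:_FORTIFY_SOURCE=2>)
  if(UNIX AND NOT APPLE)
    # Full RELRO is an ELF linker feature.
    target_link_options(${tgt} PRIVATE -Wl,-z,relro -Wl,-z,now)
  endif()

  # ASan/MSan are debugging tools: Debug configuration only, never shipped.
  # They cannot be combined, hence one variable rather than two options.
  if(HARDEN_DEBUG_SANITIZER STREQUAL "memory"
     AND NOT CMAKE_C_COMPILER_ID MATCHES "Clang")
    message(FATAL_ERROR "-fsanitize=memory requires Clang")
  endif()
  if(NOT HARDEN_DEBUG_SANITIZER STREQUAL "none")
    target_compile_options(${tgt} PRIVATE
      $<$<CONFIG:Debug>:-fsanitize=${HARDEN_DEBUG_SANITIZER}>
      $<$<CONFIG:Debug>:-fno-omit-frame-pointer>)
    # PUBLIC so that whatever links this target also links the runtime.
    target_link_options(${tgt} PUBLIC
      $<$<CONFIG:Debug>:-fsanitize=${HARDEN_DEBUG_SANITIZER}>)
  endif()

  # Trap-mode UBSan emits a trap instruction instead of calling the
  # sanitizer runtime, so no runtime library is linked into Release.
  if(HARDEN_UBSAN_TRAP AND CMAKE_C_COMPILER_ID MATCHES "Clang")
    target_compile_options(${tgt} PRIVATE
      $<$<CONFIG:Release>:-fsanitize=undefined>
      $<$<CONFIG:Release>:-fsanitize-trap=undefined>)
  endif()
endfunction()

# Usage, with a hypothetical target name:
#   harden_target(mylib)
```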