intel / cryptography-primitives

Apache License 2.0

enhancing secure compilation options #42

Closed BornThisWay closed 1 year ago

BornThisWay commented 2 years ago

-fstack-protector is used to detect buffer overflow, but it's not enough; -fstack-protector-strong is recommended. Thx for your reply.

ElenaTyuleneva commented 1 year ago

Hello @BornThisWay, thank you for the good proposal! We'll evaluate this flag's security and performance impact on the library and introduce it in case the analysis shows it's necessary to be added.

P.S. Sorry for the long reply.

paveldyakov commented 1 year ago

Hi @BornThisWay,

We have done the analysis on our side. Unfortunately, the -fstack-protector-strong flag causes a significant performance impact for some of the IPP Crypto algorithms.

We double-checked that "buffer overflow detection" is performed by our static code analyzers - based on the report we have zero such issues in IPP Crypto.

We decided not to introduce -fstack-protector-strong now (potentially we will revisit this decision in the future).

Please let me know if you have any questions.
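
Added example, not part of the thread and not code from cryptography-primitives: the kinds of function that each of the two flags discussed above instruments with a stack canary, following the GCC manual's description of `-fstack-protector` and `-fstack-protector-strong`. All function names are hypothetical, and the coverage notes assume GCC (or Clang) at `-O0`.

```c
/* Added illustration; function names are hypothetical. Coverage notes follow
 * the GCC manual's description of the two flags and assume -O0, so locals
 * stay on the stack. To check, compile with each flag and -S, e.g.
 *   cc -O0 -S -fstack-protector-strong ssp_demo.c
 * then look for __stack_chk_fail in each function's assembly. */
#include <stddef.h>
#include <stdint.h>

/* Helper with no local arrays or address-taken locals: no guard. */
static size_t bounded_copy(char *dst, size_t cap, const char *src) {
    size_t n = 0;
    while (n + 1 < cap && src[n]) { dst[n] = src[n]; n++; }
    dst[n] = '\0';
    return n;
}

/* char array of 8 bytes or more: guarded by both flags. */
size_t copy_label(const char *src) {
    char buf[64];
    return bounded_copy(buf, sizeof buf, src);
}

/* char array under 8 bytes: guarded by -fstack-protector-strong only. */
size_t copy_tag(const char *src) {
    char tag[4];
    return bounded_copy(tag, sizeof tag, src);
}

/* Local array of a non-char type: -fstack-protector-strong only. */
uint32_t sum_words(const uint8_t *in, size_t len) {
    uint32_t w[4] = {0};
    for (size_t i = 0; i < len; i++) w[i % 4] += in[i];
    return w[0] + w[1] + w[2] + w[3];
}

/* Address of a local escapes to a callee: -fstack-protector-strong only. */
static void read_first(const uint8_t *in, uint32_t *out) { *out = in[0]; }
uint32_t first_byte(const uint8_t *in) {
    uint32_t n = 0;
    read_first(in, &n);
    return n;
}

/* Scalars only: guarded by neither flag. */
uint32_t rotl32(uint32_t x, unsigned r) {
    r &= 31;
    return r ? (x << r) | (x >> (32 - r)) : x;
}
```

Each function that gains a guard under the strong variant pays for a canary store on entry and a compare on exit, which is the cost side of the trade-off weighed in the thread.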