Open hydra3333 opened 1 year ago
Ah, MABS works OK with a roughie hacked-up test.
How satisfying, yet strange for the other build system which used to work fine - until the latest ubuntu 22.04.2 broke mingw64 tagged version 10 (it used to work) and it all went downhill from there.
ffmpeg -h
ffmpeg version N-110402-ge3143703e9 Copyright (c) 2000-2023 the FFmpeg developers
built with gcc 12.2.0 (Rev10, Built by MSYS2 project)
configuration: --pkg-config=pkgconf --cc='ccache gcc' --cxx='ccache g++' --ld='ccache g++' --extra-cxxflags=-fpermissive --extra-cflags=-Wno-int-conversion --disable-autodetect --enable-nvenc --enable-ffnvcodec --enable-nvdec --enable-cuda-llvm --disable-debug --enable-libfdk-aac --enable-gpl --extra-cflags='" -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp "' --extra-cxxflags='" -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp "' --extra-ldflags='" -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp "' --enable-schannel --extra-cflags=' -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp ' --extra-cxxflags=' -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp ' --extra-ldflags=' -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp ' --enable-nonfree
Given that experience, I'd like to build as much as possible with -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp
as I'm not hugely concerned about the performance impact given the "safety" angle.
Issued also confirmed using WSL's ubuntu 22.04.2
CFLAGS = " -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp "
Those compiler flags are for security reason.
ffmpeg.exe -h stack smashing detected : terminated
That error means there is some buffer overflow. Disabling that compiler flag would negate that security measure. Debug the program and try to fix the issue.
cough.
ffmpeg -h
does not usually generate that error.
cross-compiled with the build system under ubuntu 22.04.1 worked fine. Not so as outline above when "upgraded".
issue narrowed to ubuntu 22.04.2 in combination with mingw64 git head.
not ffmpeg.
there are a LOT of third party dependencies ... which "should" all be compiled with these safety features, nowadays.
Would it be fair to suggest that -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp
goes in this code block in media-autobuild_suite.bat
for each of CPPFLAGS, CFLAGS, CXXFLAGS, LDFLAGS ?
echo.CPPFLAGS="-D_FORTIFY_SOURCE=0 -D__USE_MINGW_ANSI_STDIO=1"
if %CC%==clang (
echo.CFLAGS="-mtune=generic -O2 -pipe"
) else (
echo.CFLAGS="-mthreads -mtune=generic -O2 -pipe"
)
echo.CXXFLAGS="${CFLAGS}"
if %CC%==clang (
echo.LDFLAGS="-pipe -static-libgcc --start-no-unused-arguments -static-libstdc++ --end-no-unused-arguments"
) else (
echo.LDFLAGS="-pipe -static-libgcc -static-libstdc++"
)
I'm nor sure whether doing so makes the options propagated into those flags every time when building every product and dependency.
Please, would it be possible to update MABS to allow -fstack-protector-all -D_FORTIFY_SOURCE=2 -lssp
everywhere perhaps as an option ? Such a change is a 'good thing'.
Hello. Is there some way we can (optionally) add flags to the ffmpeg build, as well as to individual dependency builds ? I know a couple of dependencies refuse to build with
-fstack-protector-all
and/or-D_FORTIFY_SOURCE=2
.Something like
The reason is: I recently used a derivative of deadsix27's build system however a combination of mingw64 git head and ubuntu 22.04.2 with that combination of safety flags resulted in the exe always yielding
which is unusual to say the very least, so something is badly amiss there.
Fresh ubunbtu, fresh mingw, etc, see https://trac.ffmpeg.org/ticket/10329
I'd like to see what happens with a MABS ffmpeg built with those safety flags.
I know at least ffmpeg configure has these ... but where to define them ...