FFmpegConfig.sh sets the -QSpectre option for --extra-cflags to enable Spectre mitigations for the FFmpeg binaries. However, --extra-cflags options also get passed to the ARM assembler and -QSpectre causes an A2029 (unknown command-line argument) error for ARM/ARM64 builds. To work around this, I updated BuildFFmpeg.ps1 to modify FFmpeg's configure script to have armasm_flags() filter out -Q* options.
Addressed BA2025.EnableShadowStack errors by setting the /CETCOMPAT linker option (only applicable to x86 and x64)
Updated BuildFFmpeg.ps1 to restore the original environment state after the FFmpeg build to address issues with building FFmpeg for different architectures in the same PowerShell instance
How was the change tested?
I ran BinSkim on the FFmpegInterop/FFmpeg binaries and verified that no BA2024.EnableSpectreMitigations or BA2025.EnableShadowStack errors are reported.
Why is this change being made?
In-proc WME binaries have the following BinSkim errors:
What changed?
How was the change tested?