tarakby
commented
2 months ago draft PR to enable CFI: https://github.com/onflow/crypto/pull/14
Open tarakby opened 2 months ago
tarakby
commented
2 months ago draft PR to enable CFI: https://github.com/onflow/crypto/pull/14
Issue to be solved
Add cfi in the C flags to protect the package against non intended code execution flows in the package.
CFI only available on clang and linux, and can be added by extending
CFLAGSto include-fvisibility=hidden -flto -fsanitize=cfi. The feature should be added only when building with clang on linux. Enforcing CFI for all usage of the package forces users to use clang which may add friction to importing the package.original issue is https://github.com/onflow/flow-go/issues/3668.
Suggested Solution
No response