[Xapian-devel] -D_FORTIFY_SOURCE (was Re: [Xapian-commits] 7903:
trunk/xapian-core/)
Olly Betts
olly at survex.com
Wed Mar 7 17:33:38 GMT 2007
On Wed, Mar 07, 2007 at 11:45:13AM +0000, richard wrote:
> * configure.ac: Add -D_FORTIFY_SOURCE to AM_CXXFLAGS for GCC
> builds. According to glibc CVS support for this was added in
> October 2004, but it doesn't seem to be documented very well,
> other than in features.h.
I'd not come across this before, so I had a quick poke around.
It's hardly documented *well* in features.h either, at least in the
version I have (glibc "2.4-1ubuntu12.3")! Sad really, it sounds like a
promising idea, but if it's not advertised people just won't know to use
it.
> This adds some extra checking for
> array bounds, partially at compile time, but doesn't currently
> find any problems (or cause any noticeable slowdown).
There's perhaps a reason for that - the vast majority of the tests
for __USE_FORTIFY_SOURCE (which is what _FORTIFY_SOURCE controls)
in the glibc headers are followed by "&& !defined __cplusplus"!
It also doesn't activate at all unless you're using GCC >= 4.1
so if your GCC is older, it'll have no effect at all on speed or
fortification.
The only thing which seems to actually be activated for C++ is some
stuff to do with "__builtin_object_size", which seems to allow
checking of the size of buffers known at compile time. We don't make
much use of static sized buffers, and we use snprintf where available,
but it doesn't hurt to have extra checks if the overhead is small.
I prodded glibc CVS and found the vanilla glibc version this was first
in, though it looks like RH backported this to older GCC (and possibly
older glibc) for their distros. I'll add that to the comment.
Cheers,
Olly
More information about the Xapian-devel
mailing list