shithub: opus

Download patch

ref: b83dd52868326a401c8578041e3dbea439d53f11
parent: d4b8707b1460c90682ee91f1283d361b90feddd2
author: Marcus Asteborg <[email protected]>
date: Thu Jul 16 18:40:08 EDT 2020

cmake - MINGW check for ssp lib and link if security features is enabled

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -109,12 +109,21 @@
                        OFF)
 add_feature_info(OPUS_STACK_PROTECTOR OPUS_STACK_PROTECTOR ${OPUS_STACK_PROTECTOR_HELP_STR})
 
-if(NOT MSVC AND NOT MINGW)
-    set(OPUS_FORTIFY_SOURCE_HELP_STR "add protection against buffer overflows.")
-    option(OPUS_FORTIFY_SOURCE ${OPUS_FORTIFY_SOURCE_HELP_STR} ON)
-    add_feature_info(OPUS_FORTIFY_SOURCE OPUS_FORTIFY_SOURCE ${OPUS_FORTIFY_SOURCE_HELP_STR})
+if(NOT MSVC)
+  set(OPUS_FORTIFY_SOURCE_HELP_STR "add protection against buffer overflows.")
+  cmake_dependent_option(OPUS_FORTIFY_SOURCE
+                         ${OPUS_FORTIFY_SOURCE_HELP_STR}
+                         ON
+                         "FORTIFY_SOURCE_SUPPORTED"
+                         OFF)
+  add_feature_info(OPUS_FORTIFY_SOURCE OPUS_FORTIFY_SOURCE ${OPUS_FORTIFY_SOURCE_HELP_STR})
 endif()
 
+if(MINGW AND (OPUS_FORTIFY_SOURCE OR OPUS_STACK_PROTECTOR))
+  # ssp lib is needed for security features for MINGW
+  list(APPEND OPUS_REQUIRED_LIBRARIES ssp)
+endif()
+
 if(OPUS_CPU_X86 OR OPUS_CPU_X64)
   set(OPUS_X86_MAY_HAVE_SSE_HELP_STR "does runtime check for SSE1 support.")
   cmake_dependent_option(OPUS_X86_MAY_HAVE_SSE
@@ -247,8 +256,9 @@
 target_link_libraries(opus PRIVATE ${OPUS_REQUIRED_LIBRARIES})
 target_compile_definitions(opus PRIVATE OPUS_BUILD ENABLE_HARDENING)
 
-if(OPUS_FORTIFY_SOURCE)
-  target_compile_definitions(opus PRIVATE _FORTIFY_SOURCE=2)
+if(OPUS_FORTIFY_SOURCE AND NOT MSVC)
+  target_compile_definitions(opus PRIVATE
+                             $<$<NOT:$<CONFIG:debug>>:_FORTIFY_SOURCE=2>)
 endif()
 
 if(OPUS_FLOAT_APPROX)
--- a/cmake/OpusConfig.cmake
+++ b/cmake/OpusConfig.cmake
@@ -77,6 +77,18 @@
   check_flag(FAST_MATH -ffast-math)
   check_flag(STACK_PROTECTOR -fstack-protector-strong)
   check_flag(HIDDEN_VISIBILITY -fvisibility=hidden)
+  set(FORTIFY_SOURCE_SUPPORTED 1)
+endif()
+
+if(MINGW)
+  # For MINGW we need to link ssp lib for security features such as
+  # stack protector and fortify_sources
+  check_library_exists(ssp __stack_chk_fail "" HAVE_LIBSSP)
+  if(NOT HAVE_LIBSSP)
+    message(WARNING "Could not find libssp in MinGW, disabling STACK_PROTECTOR and FORTIFY_SOURCE")
+    set(STACK_PROTECTOR_SUPPORTED 0)
+    set(FORTIFY_SOURCE_SUPPORTED 0)
+  endif()
 endif()
 
 if(NOT MSVC)