* [git.ipfire.org] IPFire 3.x development tree branch, master, updated. 48c0a8414ddae2a6e443a0fdd253f7944cb6a8a7
@ 2023-03-24 10:58 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2023-03-24 10:58 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 20391 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 3.x development tree".
The branch, master has been updated
via 48c0a8414ddae2a6e443a0fdd253f7944cb6a8a7 (commit)
from 7ed3355c04f0978ec16f7c83214172add4e8adad (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 48c0a8414ddae2a6e443a0fdd253f7944cb6a8a7
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Fri Mar 24 10:55:33 2023 +0000
gcc: Harden this package
This is a major rewrite of this package which should probably be broken
down into several commits, but since GCC takes many hours to build, this
has now been mushed into one to keep us moving forward.
This patch re-introduces a full bootstrap of GCC.
We also build GCC with our own compiler flags and make it pass our
hardening checks which includes patching the build system to build GCC
itself as PIE.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
gcc/gcc.nm | 182 ++++++++-------------
gcc/patches/0001-gcc-Build-with-PIE.patch | 77 +++++++++
gcc/patches/0002-libcc1-Export-all-symbols.patch | 80 +++++++++
.../a25982ada523689c8745d7fb4b1b93c8f5dab2e7.patch | 78 +++++++++
4 files changed, 303 insertions(+), 114 deletions(-)
create mode 100644 gcc/patches/0001-gcc-Build-with-PIE.patch
create mode 100644 gcc/patches/0002-libcc1-Export-all-symbols.patch
create mode 100644 gcc/patches/a25982ada523689c8745d7fb4b1b93c8f5dab2e7.patch
Difference in files:
diff --git a/gcc/gcc.nm b/gcc/gcc.nm
index 84243e48e..011329e66 100644
--- a/gcc/gcc.nm
+++ b/gcc/gcc.nm
@@ -8,7 +8,7 @@ build_graphite = 1
name = gcc
version = 12.2.0
-release = 3
+release = 4
maintainer = Michael Tremer <michael.tremer(a)ipfire.org>
groups = Development/Compilers
@@ -65,15 +65,9 @@ build
# Build libubsan
build_libubsan = 0
- # A couple of configure arguments depending on the architecture and
- # configuration.
- configure_options =
-
- #make_bootstrap = profiledbootstrap
+ DIR_BUILD = %{DIR_SRC}/gcc-build
if "%{DISTRO_ARCH}" == "x86_64"
- configure_options = --disable-multilib
-
build_libquadmath = 1
build_liblsan = 1
build_libtsan = 1
@@ -84,14 +78,7 @@ build
build_libubsan = 1
end
- if "%{build_graphite}" == "1"
- configure_options += \
- --with-isl
- end
-
prepare_cmds
- mkdir -v %{DIR_SRC}/gcc-build
-
# Remove unneeded features that will save some compile time
rm -rf lib{gfortran,java,objc} gcc/{fortran,java,objc,objcp}
@@ -103,108 +90,82 @@ build
# Branding gcc
echo "%{DISTRO_NAME} %{version}-%{release}" > gcc/DEV-PHASE
- # Libgomp uses -Werror regardless of --disable-werror, and this will cause a
- # build failure when -D_FORTIFY_SOURCE=2 causes build time warnings:
- sed -e "s/-Werror//" -i libgomp/configure
-
# The fixincludes script is known to occasionally erroneously attempt to
# "fix" the system headers installed so far. As the headers up to this point
# are known to not require fixing, issue the following command to prevent
# the fixincludes script from running:
sed -i 's@\./fixinc\.sh(a)-c true@' gcc/Makefile.in
-
- sed -i gcc/Makefile.in \
- -e "s/-fno-exceptions/& -fno-asynchronous-unwind-tables/"
-
- #./contrib/gcc_update --touch
end
- export CC=gcc
- export CXX=g++
-
# Disable LTO
LTO_CFLAGS =
- build
- cd %{DIR_SRC}/gcc-build
-
- # Modify CFLAGS
- CFLAGS="%{CFLAGS}"
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/\(-Wp,\)\?-D_FORTIFY_SOURCE=[12]//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-Werror=format-security//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-m64//g;s/-m32//g;s/-m31//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-mfpmath=sse/-mfpmath=sse -msse2/g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/-march=i.86//g')
- CFLAGS=$(echo ${CFLAGS} | sed -e 's/ -pipe / /g')
- CFLAGS=$(echo "${CFLAGS}" | sed -e 's/[[:blank:]]\+/ /g')
- CXXFLAGS=$(echo ${CFLAGS} | sed -e 's/ -Wall//g')
- CXXFLAGS=$(echo ${CXXFLAGS} | sed -e 's/ -fexceptions / /g')
- #CXXFLAGS=$(echo ${CXXFLAGS} | sed -e 's/ -Werror=format-security / -Wformat -Werror=format-security /g')
-
- case "${CFLAGS}" in
- *-fasynchronous-unwind-tables*)
- sed -i -e "s/-fno-exceptions /-fno-exceptions -fno-asynchronous-unwind-tables/" \
- ../%{thisapp}/Makefile.in
- ;;
- esac
-
- CFLAGS="${CFLAGS}" \
- CXXFLAGS="${CXXFLAGS}" \
- XCFLAGS="${CFLAGS}" \
- TCFLAGS="${CFLAGS}" \
- ../%{thisapp}/configure \
- --build=%{DISTRO_BUILDTARGET} \
- --prefix=/usr \
- --libdir=%{libdir} \
- --libexecdir=%{libdir} \
- --mandir=%{mandir} \
- --with-boot-ldflags="%{LDFLAGS}" \
- --enable-esp \
- --enable-shared \
- --enable-threads=posix \
- --enable-__cxa_atexit \
- --enable-clocale=gnu \
- --enable-languages=c,c++,lto \
- --disable-bootstrap \
- --enable-checking=release \
- --enable-default-pie \
- --enable-default-ssp \
- --disable-werror \
- --disable-libssp \
- --with-system-zlib \
- --with-bugurl=https://bugzilla.ipfire.org/ \
- --disable-libunwind-exceptions \
- --enable-gnu-unique-object \
- --enable-linker-build-id \
- --with-linker-hash-style=gnu \
- --enable-plugin \
- --enable-initfini-array \
- --disable-libgcj \
- --enable-gnu-indirect-function \
- %{configure_options}
-
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=58012
- # XXX disabled flags: --disable-static
-
- # GCC does not support a parallel build.
- make %{make_bootstrap} BOOT_CFLAGS="${CFLAGS}" %{PARALLELISMFLAGS}
-
- # Generate man pages.
- perl -pi -e 's/head3/head2/' ../contrib/texi2pod.pl
- for i in %{DIR_APP}/gcc/doc/*.texi; do
- cp -a $i $i.orig; sed 's/ftable/table/' $i.orig > $i
- done
- make -C gcc generated-manpages
- for i in %{DIR_APP}/gcc/doc/*.texi; do mv -f $i.orig $i; done
+ # Disable any string format security checks
+ STRING_FORMAT_SECURITY_CFLAGS =
+
+ configure_options = \
+ CFLAGS="%{CFLAGS}" \
+ CXXFLAGS="%{CXXFLAGS}" \
+ XCFLAGS="%{CFLAGS}" \
+ TCFLAGS="%{CFLAGS}" \
+ --build=%{DISTRO_BUILDTARGET} \
+ --prefix=%{prefix} \
+ --libdir=%{libdir} \
+ --libexecdir=%{libdir} \
+ --mandir=%{mandir} \
+ --disable-static \
+ --enable-shared \
+ --enable-threads=posix \
+ --enable-__cxa_atexit \
+ --enable-languages=c,c++,lto \
+ --enable-bootstrap \
+ --with-build-config=bootstrap-lto \
+ --enable-link-serialization=1 \
+ --enable-checking=release \
+ --enable-default-pie \
+ --enable-default-ssp \
+ --disable-werror \
+ --disable-libssp \
+ --with-system-zlib \
+ --with-bugurl=https://bugzilla.ipfire.org/ \
+ --enable-libstdcxx-backtrace \
+ --disable-libstdcxx-pch \
+ --with-libstdcxx-zoneinfo=%{datadir}/zoneinfo \
+ --disable-libunwind-exceptions \
+ --enable-gnu-unique-object \
+ --enable-linker-build-id \
+ --with-linker-hash-style=gnu \
+ --enable-decimal-float \
+ --enable-plugin \
+ --enable-initfini-array \
+ --disable-libgcj \
+ --enable-gnu-indirect-function
+
+ if "%{build_graphite}" == "1"
+ configure_options += \
+ --with-isl
end
+ if "%{DISTRO_ARCH}" == "x86_64"
+ configure_options += \
+ --with-arch_64=x86-64-v2 \
+ --with-arch_32=x86-64 \
+ --enable-cet \
+ --with-tune=generic
+ end
+
+ make_build_targets += \
+ profiledbootstrap \
+ BOOT_CFLAGS="%{CFLAGS}" \
+ BOOT_LDFLAGS="%{LDFLAGS}" \
+ LDFLAGS_FOR_TARGET="%{LDFLAGS}"
+
#test
# cd %{DIR_SRC}/gcc-build && make -k check || true
# cd %{DIR_APP} && ./contrib/test_summary
#end
install
- cd %{DIR_SRC}/gcc-build
make install DESTDIR=%{BUILDROOT}
# Check if the installation path exists.
@@ -223,7 +184,8 @@ build
OUTPUT_FORMAT('`gcc -Wl,--print-output-format -nostdlib -r -o /dev/null`')
GROUP ( /%{libdir}/libgcc_s.so.1 libgcc.a )' > ${FULLPATH}/libgcc_s.so
- chmod 755 %{BUILDROOT}%{libdir}/libgcc_s.so.1
+ chmod -v 755 ${FULLPATH}/libgcc_s.so
+ chmod -v 755 %{BUILDROOT}%{libdir}/libgcc_s.so.1
# Remove some GNU debugger stuff.
rm -vf %{BUILDROOT}%{libdir}/lib*.py
@@ -231,48 +193,40 @@ build
# libgomp
mv -vf %{BUILDROOT}%{libdir}/libgomp.spec ${FULLPATH}/
ln -svf ../../../libgomp.so.1.0.0 ${FULLPATH}/libgomp.so
- chmod 755 %{BUILDROOT}%{libdir}/libgomp.so.1.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libgomp.so.1.*
# libstdc++
ln -svf ../../../libstdc++.so.6.0.30 ${FULLPATH}/libstdc++.so
- mv -vf %{BUILDROOT}%{libdir}/lib{std,sup}c++.a ${FULLPATH}
# libquadmath
if [ "%{build_libquadmath}" = "1" ]; then
ln -svf ../../../libquadmath.so.0.0.0 ${FULLPATH}/libquadmath.so
- chmod 755 %{BUILDROOT}%{libdir}/libquadmath.so.0.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libquadmath.so.0.*
fi
# libitm
mv -vf %{BUILDROOT}%{libdir}/libitm.spec ${FULLPATH}/
ln -svf ../../../libitm.so.1.0.0 ${FULLPATH}/libitm.so
- chmod 755 %{BUILDROOT}%{libdir}/libitm.so.1.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libitm.so.1.*
# liblsan
if [ "%{build_liblsan}" = "1" ]; then
ln -svf ../../../liblsan.so.0.0.0 ${FULLPATH}/liblsan.so
- chmod 755 %{BUILDROOT}%{libdir}/liblsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/liblsan.so.*
fi
# libtsan
if [ "%{build_libtsan}" = "1" ]; then
ln -svf ../../../libtsan.so.2.0.0 ${FULLPATH}/libtsan.so
- chmod 755 %{BUILDROOT}%{libdir}/libtsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libtsan.so.*
fi
# libubsan
if [ "%{build_libubsan}" = "1" ]; then
ln -svf ../../../libubsan.so.1.0.0 ${FULLPATH}/libubsan.so
- chmod 755 %{BUILDROOT}%{libdir}/libubsan.so.*
+ chmod -v 755 %{BUILDROOT}%{libdir}/libubsan.so.*
fi
end
-
- keep_libraries
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libgcc.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libgcc_eh.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libstdc++.a
- %{libdir}/gcc/%{DISTRO_BUILDTARGET}/%{version}/libsupc++.a
- end
end
packages
diff --git a/gcc/patches/0001-gcc-Build-with-PIE.patch b/gcc/patches/0001-gcc-Build-with-PIE.patch
new file mode 100644
index 000000000..d70839599
--- /dev/null
+++ b/gcc/patches/0001-gcc-Build-with-PIE.patch
@@ -0,0 +1,77 @@
+From 8690dbe058f3ca8af0499a545c4b4cc6a5dc089a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer(a)ipfire.org>
+Date: Tue, 21 Mar 2023 16:58:02 +0000
+Subject: [PATCH 1/2] gcc: Build with PIE
+
+This patch removes that GCC will be compiled with -fno-PIE/-no-pie.
+
+This will break PCH.
+
+Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
+---
+ gcc/Makefile.in | 9 ---------
+ gcc/configure.ac | 28 ----------------------------
+ 2 files changed, 37 deletions(-)
+
+diff --git a/gcc/Makefile.in b/gcc/Makefile.in
+index 31ff95500c9..530928a3cde 100644
+--- a/gcc/Makefile.in
++++ b/gcc/Makefile.in
+@@ -267,15 +267,6 @@ endif
+ CET_HOST_FLAGS = @CET_HOST_FLAGS@
+ COMPILER += $(CET_HOST_FLAGS)
+
+-NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
+-NO_PIE_FLAG = @NO_PIE_FLAG@
+-
+-# We don't want to compile the compilers with -fPIE, it make PCH fail.
+-COMPILER += $(NO_PIE_CFLAGS)
+-
+-# Link with -no-pie since we compile the compiler with -fno-PIE.
+-LINKER += $(NO_PIE_FLAG)
+-
+ # Like LINKER, but use a mutex for serializing front end links.
+ ifeq (@DO_LINK_MUTEX@,true)
+ LLINKER = $(SHELL) $(srcdir)/lock-and-run.sh linkfe.lck $(LINKER)
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 992a50e7b20..62cd94bffb8 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -7641,34 +7641,6 @@ if test x$enable_default_pie = xyes ; then
+ fi
+ AC_SUBST([enable_default_pie])
+
+-# Check if -fno-PIE works.
+-AC_CACHE_CHECK([for -fno-PIE option],
+- [gcc_cv_c_no_fpie],
+- [saved_CXXFLAGS="$CXXFLAGS"
+- CXXFLAGS="$CXXFLAGS -fno-PIE"
+- AC_COMPILE_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+- [gcc_cv_c_no_fpie=yes],
+- [gcc_cv_c_no_fpie=no])
+- CXXFLAGS="$saved_CXXFLAGS"])
+-if test "$gcc_cv_c_no_fpie" = "yes"; then
+- NO_PIE_CFLAGS="-fno-PIE"
+-fi
+-AC_SUBST([NO_PIE_CFLAGS])
+-
+-# Check if -no-pie works.
+-AC_CACHE_CHECK([for -no-pie option],
+- [gcc_cv_no_pie],
+- [saved_LDFLAGS="$LDFLAGS"
+- LDFLAGS="$LDFLAGS -no-pie"
+- AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {return 0;}])],
+- [gcc_cv_no_pie=yes],
+- [gcc_cv_no_pie=no])
+- LDFLAGS="$saved_LDFLAGS"])
+-if test "$gcc_cv_no_pie" = "yes"; then
+- NO_PIE_FLAG="-no-pie"
+-fi
+-AC_SUBST([NO_PIE_FLAG])
+-
+ # Enable Intel CET on Intel CET enabled host if jit is enabled.
+ GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
+ case x$enable_languages in
+--
+2.30.2
+
diff --git a/gcc/patches/0002-libcc1-Export-all-symbols.patch b/gcc/patches/0002-libcc1-Export-all-symbols.patch
new file mode 100644
index 000000000..113c314c4
--- /dev/null
+++ b/gcc/patches/0002-libcc1-Export-all-symbols.patch
@@ -0,0 +1,80 @@
+From 439c8e21de5245d3f345bd796f3131be319f54d2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer(a)ipfire.org>
+Date: Tue, 21 Mar 2023 17:52:04 +0000
+Subject: [PATCH 2/2] libcc1: Export all symbols
+
+This patches removes the -export-symbols option when linking libcc1 and
+its plugins as it is breaking our hardening check where we are looking
+for a reference to __stack_chk_fail in the symbol table.
+
+Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
+---
+ libcc1/Makefile.am | 6 +++---
+ libcc1/Makefile.in | 6 +++---
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/libcc1/Makefile.am b/libcc1/Makefile.am
+index 6e3a34ff7e2..7eb8ec9178c 100644
+--- a/libcc1/Makefile.am
++++ b/libcc1/Makefile.am
+@@ -54,7 +54,7 @@ shared_source = callbacks.cc callbacks.hh connection.cc connection.hh \
+ marshall_c_source = marshall-c.hh
+ marshall_cxx_source = marshall-cp.hh
+
+-libcc1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1plugin.sym
++libcc1plugin_la_LDFLAGS = -module
+ libcc1plugin_la_SOURCES = libcc1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_c_source)
+ libcc1plugin.lo_CPPFLAGS = $(CPPFLAGS_FOR_C)
+@@ -64,7 +64,7 @@ libcc1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libcc1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+-libcp1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcp1plugin.sym
++libcp1plugin_la_LDFLAGS = -module
+ libcp1plugin_la_SOURCES = libcp1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_cxx_source)
+ libcp1plugin.lo_CPPFLAGS = $(CPPFLAGS_FOR_CXX)
+@@ -75,7 +75,7 @@ libcp1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(CXXFLAGS) $(libcp1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+ LTLDFLAGS = $(shell $(SHELL) $(top_srcdir)/../libtool-ldflags $(LDFLAGS))
+-libcc1_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1.sym
++libcc1_la_LDFLAGS = -module
+ libcc1_la_SOURCES = findcomp.cc libcc1.cc libcp1.cc \
+ compiler.cc compiler.hh names.cc names.hh $(shared_source) \
+ $(marshall_c_source) $(marshall_cxx_source)
+diff --git a/libcc1/Makefile.in b/libcc1/Makefile.in
+index f8f590d71e9..aa3d45bcef4 100644
+--- a/libcc1/Makefile.in
++++ b/libcc1/Makefile.in
+@@ -405,7 +405,7 @@ shared_source = callbacks.cc callbacks.hh connection.cc connection.hh \
+
+ marshall_c_source = marshall-c.hh
+ marshall_cxx_source = marshall-cp.hh
+-libcc1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1plugin.sym
++libcc1plugin_la_LDFLAGS = -module
+ libcc1plugin_la_SOURCES = libcc1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_c_source)
+
+@@ -416,7 +416,7 @@ libcc1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libcc1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+-libcp1plugin_la_LDFLAGS = -module -export-symbols $(srcdir)/libcp1plugin.sym
++libcp1plugin_la_LDFLAGS = -module
+ libcp1plugin_la_SOURCES = libcp1plugin.cc context.cc context.hh \
+ $(shared_source) $(marshall_cxx_source)
+
+@@ -428,7 +428,7 @@ libcp1plugin_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(CXXFLAGS) $(libcp1plugin_la_LDFLAGS) $(LTLDFLAGS) -o $@
+
+ LTLDFLAGS = $(shell $(SHELL) $(top_srcdir)/../libtool-ldflags $(LDFLAGS))
+-libcc1_la_LDFLAGS = -module -export-symbols $(srcdir)/libcc1.sym
++libcc1_la_LDFLAGS = -module
+ libcc1_la_SOURCES = findcomp.cc libcc1.cc libcp1.cc \
+ compiler.cc compiler.hh names.cc names.hh $(shared_source) \
+ $(marshall_c_source) $(marshall_cxx_source)
+--
+2.30.2
+
diff --git a/gcc/patches/a25982ada523689c8745d7fb4b1b93c8f5dab2e7.patch b/gcc/patches/a25982ada523689c8745d7fb4b1b93c8f5dab2e7.patch
new file mode 100644
index 000000000..6a0f4d2f0
--- /dev/null
+++ b/gcc/patches/a25982ada523689c8745d7fb4b1b93c8f5dab2e7.patch
@@ -0,0 +1,78 @@
+From a25982ada523689c8745d7fb4b1b93c8f5dab2e7 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools(a)gmail.com>
+Date: Thu, 14 Jul 2022 08:23:38 -0700
+Subject: [PATCH] stack-protector: Check stack canary before throwing exception
+
+Check stack canary before throwing exception to avoid stack corruption.
+
+gcc/
+
+ PR middle-end/58245
+ * calls.cc: Include "tree-eh.h".
+ (expand_call): Check stack canary before throwing exception.
+
+gcc/testsuite/
+
+ PR middle-end/58245
+ * g++.dg/fstack-protector-strong.C: Adjusted.
+ * g++.dg/pr58245-1.C: New test.
+---
+ gcc/calls.cc | 6 +++++-
+ gcc/testsuite/g++.dg/fstack-protector-strong.C | 2 +-
+ gcc/testsuite/g++.dg/pr58245-1.C | 10 ++++++++++
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+ create mode 100644 gcc/testsuite/g++.dg/pr58245-1.C
+
+diff --git a/gcc/calls.cc b/gcc/calls.cc
+index bc96aff38f0..6dd6f73e978 100644
+--- a/gcc/calls.cc
++++ b/gcc/calls.cc
+@@ -60,6 +60,7 @@ along with GCC; see the file COPYING3. If not see
+ #include "attr-fnspec.h"
+ #include "value-query.h"
+ #include "tree-pretty-print.h"
++#include "tree-eh.h"
+
+ /* Like PREFERRED_STACK_BOUNDARY but in units of bytes, not bits. */
+ #define STACK_BYTES (PREFERRED_STACK_BOUNDARY / BITS_PER_UNIT)
+@@ -3154,7 +3155,10 @@ expand_call (tree exp, rtx target, int ignore)
+ if (pass && (flags & ECF_MALLOC))
+ start_sequence ();
+
+- if (pass == 0
++ /* Check the canary value for sibcall or function which doesn't
++ return and could throw. */
++ if ((pass == 0
++ || ((flags & ECF_NORETURN) != 0 && tree_could_throw_p (exp)))
+ && crtl->stack_protect_guard
+ && targetm.stack_protect_runtime_enabled_p ())
+ stack_protect_epilogue ();
+diff --git a/gcc/testsuite/g++.dg/fstack-protector-strong.C b/gcc/testsuite/g++.dg/fstack-protector-strong.C
+index ae6d2fdb8df..034af2ce9ab 100644
+--- a/gcc/testsuite/g++.dg/fstack-protector-strong.C
++++ b/gcc/testsuite/g++.dg/fstack-protector-strong.C
+@@ -85,4 +85,4 @@ int foo7 (B *p)
+ return p->return_slot ().a1;
+ }
+
+-/* { dg-final { scan-assembler-times "stack_chk_fail" 7 } } */
++/* { dg-final { scan-assembler-times "stack_chk_fail" 8 } } */
+diff --git a/gcc/testsuite/g++.dg/pr58245-1.C b/gcc/testsuite/g++.dg/pr58245-1.C
+new file mode 100644
+index 00000000000..1439bc62e71
+--- /dev/null
++++ b/gcc/testsuite/g++.dg/pr58245-1.C
+@@ -0,0 +1,10 @@
++/* { dg-do compile { target i?86-*-* x86_64-*-* rs6000-*-* s390x-*-* } } */
++/* { dg-options "-O2 -fstack-protector-all" } */
++
++void
++bar (void)
++{
++ throw 1;
++}
++
++/* { dg-final { scan-assembler-times "stack_chk_fail" 1 } } */
+--
+2.31.1
+
hooks/post-receive
--
IPFire 3.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-03-24 10:58 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-24 10:58 [git.ipfire.org] IPFire 3.x development tree branch, master, updated. 48c0a8414ddae2a6e443a0fdd253f7944cb6a8a7 Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox