[pacman-dev] [PATCH] Add -fstack-clash-protection to CFLAGS in debug builds if available

[Allan McRae]

Signed-off-by: Allan McRae <allan at archlinux.org>
---

Tested with GCC (supports this flag) and clang (does not support).

Did not add to meson builds, as it appears that all these flags are not
added to the build anywhere in the meson files.

 configure.ac    |  1 +
 m4/acinclude.m4 | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/configure.ac b/configure.ac
index ba54c2dd..6f336022 100644
--- a/configure.ac
+++ b/configure.ac
@@ -443,6 +443,7 @@ if test "x$debug" = "xyes" ; then
 	# Check for -fstack-protector availability
 	GCC_STACK_PROTECT_LIB
 	GCC_STACK_PROTECT_CC
+	GCC_STACK_CLASH_PROTECTION
 	GCC_FORTIFY_SOURCE_CC
 	WARNING_CFLAGS="-g -Wall -Werror"
 else
diff --git a/m4/acinclude.m4 b/m4/acinclude.m4
index 15bb31e8..845c8286 100644
--- a/m4/acinclude.m4
+++ b/m4/acinclude.m4
@@ -38,6 +38,25 @@ AC_DEFUN([GCC_STACK_PROTECT_CC],[
   fi
 ])
 
+dnl GCC_STACK_CLASH_PROTECTION
+dnl check -fstack-clash-protection with the C compiler, if it exists then
+dnl updates CFLAGS
+AC_DEFUN([GCC_STACK_CLASH_PROTECTION],[
+  AC_LANG_ASSERT(C)
+  if test "X$CC" != "X"; then
+    AC_CACHE_CHECK([whether ${CC} accepts -fstack-clash-protection],
+      scp_cv_cc,
+      [scp_old_cflags="$CFLAGS"
+       CFLAGS="$CFLAGS -fstack-clash-protection"
+       AC_TRY_COMPILE(,, scp_cv_cc=yes, scp_cv_cc=no)
+       CFLAGS="$scp_old_cflags"
+      ])
+    if test $scp_cv_cc = yes; then
+      CFLAGS="$CFLAGS -fstack-clash-protection"
+    fi
+  fi
+])
+
 dnl GCC_FORTIFY_SOURCE_CC
 dnl checks -D_FORTIFY_SOURCE with the C compiler, if it exists then updates
 dnl CPPFLAGS
-- 
2.20.0