github/flutter
7
0
Fork 0
mirror of https://github.com/flutter/flutter.git synced 2025-06-03 00:51:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Add compiler flags suggested by security review (#4368) (#177)" (#186)

Browse Source 
This reverts commit 9bbd435379.

This caused major regressions, see https://github.com/flutter/flutter/issues/23678.

In the future, we can check the flags individually to see which we can add without regressing our benchmarks.
This commit is contained in:
Michael Goderbauer 2018-10-29 10:52:37 -07:00 committed by GitHub
parent 8b75164b0d
commit 11a934e99e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
build/config/compiler/BUILD.gn
View File

@ -96,7 +96,7 @@ config("compiler") {
cflags_objcc += common_flags cflags_objcc += common_flags
# Stack protection. # Stack protection.
if (is_mac || is_android) { if (is_mac) {
cflags += [ "-fstack-protector-all" ] cflags += [ "-fstack-protector-all" ]
} else if (is_linux) { } else if (is_linux) {
cflags += [ cflags += [
@ -338,10 +338,12 @@ config("compiler") {
# --------------------------------- # ---------------------------------
if (is_linux || is_android) { if (is_linux || is_android) {
cflags += [ cflags += [
"-fPIC",
"-pipe", # Use pipes for communicating between sub-processes. Faster. "-pipe", # Use pipes for communicating between sub-processes. Faster.
] ]
ldflags += [ ldflags += [
"-fPIC",
"-Wl,-z,noexecstack", "-Wl,-z,noexecstack",
"-Wl,-z,now", "-Wl,-z,now",
"-Wl,-z,relro", "-Wl,-z,relro",
@ -354,14 +356,8 @@ config("compiler") {
# Linux-specific compiler flags setup. # Linux-specific compiler flags setup.
# ------------------------------------ # ------------------------------------
if (is_linux) { if (is_linux) {
cflags += [ cflags += [ "-pthread" ]
"-pthread", ldflags += [ "-pthread" ]
"-fPIC"
]
ldflags += [
"-pthread",
"-fPIC"
]
if (current_cpu == "arm64") { if (current_cpu == "arm64") {
cflags += [ "--target=aarch64-linux-gnu" ] cflags += [ "--target=aarch64-linux-gnu" ]
@ -395,32 +391,14 @@ config("compiler") {
cflags_cc += cc_std cflags_cc += cc_std
cflags_objcc += cc_std cflags_objcc += cc_std
# iOS-specific flags setup.
# -----------------------------
if (is_ios) {
cflags += [
"-fPIE"
]
ldflags += [
"-pie"
]
}
# Android-specific flags setup. # Android-specific flags setup.
# ----------------------------- # -----------------------------
if (is_android) { if (is_android) {
cflags += [ cflags += [
"-fPIE",
"-ffunction-sections", "-ffunction-sections",
"-funwind-tables", "-funwind-tables",
"-fno-short-enums", "-fno-short-enums",
"-nostdinc++", "-nostdinc++",
# TODO(kf6gpe): -Wa,--noexecstack is not supported by the Mac toolchain
# with targeting Android. https://github.com/flutter/flutter/issues/23606
# "-Wa,--noexecstack",
"-Wformat",
"-Wformat-security",
] ]
if (!is_clang) { if (!is_clang) {
# Clang doesn't support these flags. # Clang doesn't support these flags.
@ -447,12 +425,9 @@ config("compiler") {
} }
ldflags += [ ldflags += [
"-pie",
"-Wl,--no-undefined", "-Wl,--no-undefined",
"-Wl,--exclude-libs,ALL", "-Wl,--exclude-libs,ALL",
"-Wl,-z,relro,-z,now",
"-fuse-ld=lld", "-fuse-ld=lld",
# Enable identical code folding to reduce size. # Enable identical code folding to reduce size.
"-Wl,--icf=all", "-Wl,--icf=all",
] ]
@ -674,7 +649,7 @@ config("chromium_code") {
"__STDC_FORMAT_MACROS", "__STDC_FORMAT_MACROS",
] ]
if (is_ios || is_android || (!using_sanitizer && (!is_linux || !is_clang))) { if (!using_sanitizer && (!is_linux || !is_clang)) {
# _FORTIFY_SOURCE isn't really supported by Clang now, see # _FORTIFY_SOURCE isn't really supported by Clang now, see
# http://llvm.org/bugs/show_bug.cgi?id=16821. # http://llvm.org/bugs/show_bug.cgi?id=16821.
# It seems to work fine with Ubuntu 12 headers though, so use it in # It seems to work fine with Ubuntu 12 headers though, so use it in