build: Enable _FORTIFY_SOURCE and -Og optimization
Add security hardening via _FORTIFY_SOURCE=2 and switch to -Og to provide the necessary optimization for these checks while remaining debugger friendly. The goal is to catch many buffer overflows and format string errors at compile-time or runtime. -Og may occasionally optimize out very short-lived local variables, making them invisible in the debugger. So i'm not sure this is a very good idea. But I hope that we will find bugs earlier and don't even need to debug that often. We might revert this change later though in case we run into problems too often. I'm not aware of any other downsides.
This commit is contained in:
@@ -65,7 +65,9 @@ if is_debug
|
||||
'-Wunused',
|
||||
'-Wall',
|
||||
'-Wextra',
|
||||
'-fstack-protector-strong'
|
||||
'-fstack-protector-strong',
|
||||
'-D_FORTIFY_SOURCE=2',
|
||||
'-Og'
|
||||
], language: 'c')
|
||||
endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user