From 606a10208a5f10f95b97fabcada318ad58b71f3c Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 26 Feb 2026 08:50:12 +0100 Subject: [PATCH] build: Enable _FORTIFY_SOURCE and -Og optimization Add security hardening via _FORTIFY_SOURCE=2 and switch to -Og to provide the necessary optimization for these checks while remaining debugger friendly. The goal is to catch many buffer overflows and format string errors at compile-time or runtime. -Og may occasionally optimize out very short-lived local variables, making them invisible in the debugger. So i'm not sure this is a very good idea. But I hope that we will find bugs earlier and don't even need to debug that often. We might revert this change later though in case we run into problems too often. I'm not aware of any other downsides. --- meson.build | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 6861e75b..854c8cc3 100644 --- a/meson.build +++ b/meson.build @@ -65,7 +65,9 @@ if is_debug '-Wunused', '-Wall', '-Wextra', - '-fstack-protector-strong' + '-fstack-protector-strong', + '-D_FORTIFY_SOURCE=2', + '-Og' ], language: 'c') endif