build: Add -fstack-protector-strong compiler flag
Enable stack protection to detect buffer overflows and harden the binary. This flag adds a canary to stack frames, causing the program to terminate immediately if stack corruption is detected. This helps identify memory safety bugs earlier during development by turning silent corruption into an immediate crash, and provides protection against stack-smashing exploits at runtime with negligible performance overhead. We don't add this generally because we wan't distributions/users to decide if they want it. But it can help us find problems early on during development.
This commit is contained in:
@@ -65,6 +65,7 @@ if is_debug
|
||||
'-Wunused',
|
||||
'-Wall',
|
||||
'-Wextra',
|
||||
'-fstack-protector-strong'
|
||||
], language: 'c')
|
||||
endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user