build: Add -fstack-protector-strong compiler flag

Enable stack protection to detect buffer overflows and harden the binary.
This flag adds a canary to stack frames, causing the
program to terminate immediately if stack corruption is detected.

This helps identify memory safety bugs earlier during development by
turning silent corruption into an immediate crash, and provides
protection against stack-smashing exploits at runtime with negligible
performance overhead.

We don't add this generally because we wan't distributions/users to
decide if they want it. But it can help us find problems early on during
development.
This commit is contained in:
Michael Vetter
2026-02-26 08:42:24 +01:00
parent 8fd3c05983
commit e95e8b5c6f

View File

@@ -65,6 +65,7 @@ if is_debug
'-Wunused',
'-Wall',
'-Wextra',
'-fstack-protector-strong'
], language: 'c')
endif