From e840d2e958631a7091f7a4379413150c174ba722 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 10 Nov 2025 21:26:27 +0000 Subject: [PATCH 1/5] Initial plan From 16d4fe46b7f358e0b3a1acf3b29cff0fe2f360ff Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 10 Nov 2025 21:51:22 +0000 Subject: [PATCH 2/5] Add SDL linker switches to System.Globalization.Native and System.IO.Compression.Native Co-authored-by: agocke <515774+agocke@users.noreply.github.com> --- .../libs/System.Globalization.Native/CMakeLists.txt | 8 ++++++++ .../libs/System.IO.Compression.Native/CMakeLists.txt | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/src/native/libs/System.Globalization.Native/CMakeLists.txt b/src/native/libs/System.Globalization.Native/CMakeLists.txt index 72952c259c44b5..c919bec303fd30 100644 --- a/src/native/libs/System.Globalization.Native/CMakeLists.txt +++ b/src/native/libs/System.Globalization.Native/CMakeLists.txt @@ -165,6 +165,14 @@ if (GEN_SHARED_LIB) ${FOUNDATION} ) + # Add SDL required linker switches for Windows builds + if(CLR_CMAKE_TARGET_WIN32) + set_property(TARGET System.Globalization.Native APPEND_STRING PROPERTY LINK_FLAGS " /DYNAMICBASE /NXCOMPAT") + if(CLR_CMAKE_TARGET_ARCH_AMD64 OR CLR_CMAKE_TARGET_ARCH_ARM64) + set_property(TARGET System.Globalization.Native APPEND_STRING PROPERTY LINK_FLAGS " /HIGHENTROPYVA") + endif() + endif() + if(CLR_CMAKE_TARGET_WIN32) include(GenerateExportHeader) GENERATE_EXPORT_HEADER( System.Globalization.Native diff --git a/src/native/libs/System.IO.Compression.Native/CMakeLists.txt b/src/native/libs/System.IO.Compression.Native/CMakeLists.txt index 5bf84b8a96f6ae..9cbe92bde683cc 100644 --- a/src/native/libs/System.IO.Compression.Native/CMakeLists.txt +++ b/src/native/libs/System.IO.Compression.Native/CMakeLists.txt @@ -158,6 +158,12 @@ else () target_include_directories(System.IO.Compression.Native PUBLIC ${BROTLI_INCLUDE_DIRS}) target_link_libraries(System.IO.Compression.Native PUBLIC ${BROTLI_LIBRARIES}) + + # Add SDL required linker switches for Windows builds + set_property(TARGET System.IO.Compression.Native APPEND_STRING PROPERTY LINK_FLAGS " /DYNAMICBASE /NXCOMPAT") + if(CLR_CMAKE_TARGET_ARCH_AMD64 OR CLR_CMAKE_TARGET_ARCH_ARM64) + set_property(TARGET System.IO.Compression.Native APPEND_STRING PROPERTY LINK_FLAGS " /HIGHENTROPYVA") + endif() endif () if (NOT GEN_SHARED_LIB AND NOT CLR_CMAKE_TARGET_MACCATALYST AND NOT CLR_CMAKE_TARGET_IOS AND NOT CLR_CMAKE_TARGET_TVOS AND NOT CLR_CMAKE_TARGET_ANDROID) From 82bd20a54b361827ff055376dc70dffb2f571082 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 10 Nov 2025 23:53:42 +0000 Subject: [PATCH 3/5] Add /sdl flag to MSVC compile options in central location Removed individual SDL linker switches from CMakeLists.txt files and instead added the /sdl compiler flag globally in eng/native/configurecompiler.cmake. This approach is cleaner and applies the SDL checks to all MSVC builds from a central location. Co-authored-by: agocke <515774+agocke@users.noreply.github.com> --- eng/native/configurecompiler.cmake | 1 + .../libs/System.Globalization.Native/CMakeLists.txt | 8 -------- .../libs/System.IO.Compression.Native/CMakeLists.txt | 6 ------ 3 files changed, 1 insertion(+), 14 deletions(-) diff --git a/eng/native/configurecompiler.cmake b/eng/native/configurecompiler.cmake index a3ed8cefb45d72..4c0283e51b15a9 100644 --- a/eng/native/configurecompiler.cmake +++ b/eng/native/configurecompiler.cmake @@ -822,6 +822,7 @@ if (MSVC) set_property(GLOBAL PROPERTY MSVC_WARNING_LEVEL 4) add_compile_options($<$:/W$>) add_compile_options($<$:/WX>) # treat warnings as errors + add_compile_options($<$:/sdl>) # enable additional security checks add_compile_options($<$:/Oi>) # enable intrinsics add_compile_options($<$:/Oy->) # disable suppressing of the creation of frame pointers on the call stack for quicker function calls add_compile_options($<$:/Gm->) # disable minimal rebuild diff --git a/src/native/libs/System.Globalization.Native/CMakeLists.txt b/src/native/libs/System.Globalization.Native/CMakeLists.txt index c919bec303fd30..72952c259c44b5 100644 --- a/src/native/libs/System.Globalization.Native/CMakeLists.txt +++ b/src/native/libs/System.Globalization.Native/CMakeLists.txt @@ -165,14 +165,6 @@ if (GEN_SHARED_LIB) ${FOUNDATION} ) - # Add SDL required linker switches for Windows builds - if(CLR_CMAKE_TARGET_WIN32) - set_property(TARGET System.Globalization.Native APPEND_STRING PROPERTY LINK_FLAGS " /DYNAMICBASE /NXCOMPAT") - if(CLR_CMAKE_TARGET_ARCH_AMD64 OR CLR_CMAKE_TARGET_ARCH_ARM64) - set_property(TARGET System.Globalization.Native APPEND_STRING PROPERTY LINK_FLAGS " /HIGHENTROPYVA") - endif() - endif() - if(CLR_CMAKE_TARGET_WIN32) include(GenerateExportHeader) GENERATE_EXPORT_HEADER( System.Globalization.Native diff --git a/src/native/libs/System.IO.Compression.Native/CMakeLists.txt b/src/native/libs/System.IO.Compression.Native/CMakeLists.txt index 9cbe92bde683cc..5bf84b8a96f6ae 100644 --- a/src/native/libs/System.IO.Compression.Native/CMakeLists.txt +++ b/src/native/libs/System.IO.Compression.Native/CMakeLists.txt @@ -158,12 +158,6 @@ else () target_include_directories(System.IO.Compression.Native PUBLIC ${BROTLI_INCLUDE_DIRS}) target_link_libraries(System.IO.Compression.Native PUBLIC ${BROTLI_LIBRARIES}) - - # Add SDL required linker switches for Windows builds - set_property(TARGET System.IO.Compression.Native APPEND_STRING PROPERTY LINK_FLAGS " /DYNAMICBASE /NXCOMPAT") - if(CLR_CMAKE_TARGET_ARCH_AMD64 OR CLR_CMAKE_TARGET_ARCH_ARM64) - set_property(TARGET System.IO.Compression.Native APPEND_STRING PROPERTY LINK_FLAGS " /HIGHENTROPYVA") - endif() endif () if (NOT GEN_SHARED_LIB AND NOT CLR_CMAKE_TARGET_MACCATALYST AND NOT CLR_CMAKE_TARGET_IOS AND NOT CLR_CMAKE_TARGET_TVOS AND NOT CLR_CMAKE_TARGET_ANDROID) From 25146f129bf1771d5fa38e54f8252303f82f4aa3 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 11 Nov 2025 00:26:21 +0000 Subject: [PATCH 4/5] Remove redundant /GS flag since /sdl already includes it The /sdl flag is a superset of /GS, so the explicit /GS flag is redundant and can be removed. Co-authored-by: agocke <515774+agocke@users.noreply.github.com> --- eng/native/configurecompiler.cmake | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/native/configurecompiler.cmake b/eng/native/configurecompiler.cmake index 4c0283e51b15a9..381c962992e130 100644 --- a/eng/native/configurecompiler.cmake +++ b/eng/native/configurecompiler.cmake @@ -828,7 +828,6 @@ if (MSVC) add_compile_options($<$:/Gm->) # disable minimal rebuild add_compile_options($<$:/Zp8>) # pack structs on 8-byte boundary add_compile_options($<$:/Gy>) # separate functions for linker - add_compile_options($<$:/GS>) # Explicitly enable the buffer security checks add_compile_options($<$:/fp:precise>) # Enable precise floating point # Disable C++ RTTI From e3b098d60fd2ada25673e982a38f86691872440f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 11 Nov 2025 00:53:08 +0000 Subject: [PATCH 5/5] Remove redundant /we options that are included in /sdl flag The /sdl flag automatically enables SDL-required warnings as errors (C4055, C4146, C4242, C4244, C4267, C4302, C4308, C4509, C4510, C4532, C4533, C4610, C4611, C4700, C4701, C4703, C4789, C4995, C4996), so these explicit /we options are no longer needed. Co-authored-by: jkotas <6668460+jkotas@users.noreply.github.com> --- eng/native/configurecompiler.cmake | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/eng/native/configurecompiler.cmake b/eng/native/configurecompiler.cmake index 381c962992e130..f0eb8c9b4747ee 100644 --- a/eng/native/configurecompiler.cmake +++ b/eng/native/configurecompiler.cmake @@ -881,29 +881,6 @@ if (MSVC) add_compile_options($<$:/we4640>) # 'instance' : construction of local static object is not thread-safe add_compile_options($<$:/we4806>) # Unsafe operation involving type 'bool'. - # SDL requires the below warnings to be treated as errors: - # More info: https://liquid.microsoft.com/Web/Object/Read/ms.security/Requirements/Microsoft.Security.SystemsADM.10086 - # (Access to that URL restricted to Microsoft employees.) - add_compile_options($<$:/we4055>) # 'conversion' : from data pointer 'type1' to function pointer 'type2' - add_compile_options($<$:/we4146>) # unary minus operator applied to unsigned type, result still unsigned - add_compile_options($<$:/we4242>) # 'identifier' : conversion from 'type1' to 'type2', possible loss of data - add_compile_options($<$:/we4244>) # 'conversion' conversion from 'type1' to 'type2', possible loss of data - add_compile_options($<$:/we4267>) # 'var' : conversion from 'size_t' to 'type', possible loss of data - add_compile_options($<$:/we4302>) # 'conversion' : truncation from 'type 1' to 'type 2' - add_compile_options($<$:/we4308>) # negative integral constant converted to unsigned type - add_compile_options($<$:/we4509>) # nonstandard extension used: 'function' uses SEH and 'object' has destructor - add_compile_options($<$:/we4510>) # 'class' : default constructor could not be generated - add_compile_options($<$:/we4532>) # 'continue' : jump out of __finally/finally block has undefined behavior during termination handling - add_compile_options($<$:/we4533>) # initialization of 'variable' is skipped by 'instruction' - add_compile_options($<$:/we4610>) # object 'class' can never be instantiated - user-defined constructor required - add_compile_options($<$:/we4611>) # interaction between 'function' and C++ object destruction is non-portable - add_compile_options($<$:/we4700>) # uninitialized local variable 'name' used - add_compile_options($<$:/we4701>) # Potentially uninitialized local variable 'name' used - add_compile_options($<$:/we4703>) # Potentially uninitialized local pointer variable 'name' used - add_compile_options($<$:/we4789>) # destination of memory copy is too small - add_compile_options($<$:/we4995>) # 'function': name was marked as #pragma deprecated - add_compile_options($<$:/we4996>) # 'function': was declared deprecated - # Set Warning Level 3: add_compile_options($<$:/w34092>) # Sizeof returns 'unsigned long'. add_compile_options($<$:/w34121>) # Structure is sensitive to alignment.