Skip to content

Commit

Permalink
Revert "Add compiler flags suggested by security review (#4368) (#177)…
Browse files Browse the repository at this point in the history
…" (#186)

This reverts commit 9bbd435.

This caused major regressions, see flutter/flutter#23678.

In the future, we can check the flags individually to see which we can add without regressing our benchmarks.
  • Loading branch information
goderbauer authored Oct 29, 2018
1 parent 8b75164 commit 11a934e
Showing 1 changed file with 6 additions and 31 deletions.
37 changes: 6 additions & 31 deletions build/config/compiler/BUILD.gn
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ config("compiler") {
cflags_objcc += common_flags

# Stack protection.
if (is_mac || is_android) {
if (is_mac) {
cflags += [ "-fstack-protector-all" ]
} else if (is_linux) {
cflags += [
Expand Down Expand Up @@ -338,10 +338,12 @@ config("compiler") {
# ---------------------------------
if (is_linux || is_android) {
cflags += [
"-fPIC",
"-pipe", # Use pipes for communicating between sub-processes. Faster.
]

ldflags += [
"-fPIC",
"-Wl,-z,noexecstack",
"-Wl,-z,now",
"-Wl,-z,relro",
Expand All @@ -354,14 +356,8 @@ config("compiler") {
# Linux-specific compiler flags setup.
# ------------------------------------
if (is_linux) {
cflags += [
"-pthread",
"-fPIC"
]
ldflags += [
"-pthread",
"-fPIC"
]
cflags += [ "-pthread" ]
ldflags += [ "-pthread" ]

if (current_cpu == "arm64") {
cflags += [ "--target=aarch64-linux-gnu" ]
Expand Down Expand Up @@ -395,32 +391,14 @@ config("compiler") {
cflags_cc += cc_std
cflags_objcc += cc_std

# iOS-specific flags setup.
# -----------------------------
if (is_ios) {
cflags += [
"-fPIE"
]
ldflags += [
"-pie"
]
}

# Android-specific flags setup.
# -----------------------------
if (is_android) {
cflags += [
"-fPIE",
"-ffunction-sections",
"-funwind-tables",
"-fno-short-enums",
"-nostdinc++",

# TODO(kf6gpe): -Wa,--noexecstack is not supported by the Mac toolchain
# with targeting Android. https://github.com/flutter/flutter/issues/23606
# "-Wa,--noexecstack",
"-Wformat",
"-Wformat-security",
]
if (!is_clang) {
# Clang doesn't support these flags.
Expand All @@ -447,12 +425,9 @@ config("compiler") {
}

ldflags += [
"-pie",
"-Wl,--no-undefined",
"-Wl,--exclude-libs,ALL",
"-Wl,-z,relro,-z,now",
"-fuse-ld=lld",

# Enable identical code folding to reduce size.
"-Wl,--icf=all",
]
Expand Down Expand Up @@ -674,7 +649,7 @@ config("chromium_code") {
"__STDC_FORMAT_MACROS",
]

if (is_ios || is_android || (!using_sanitizer && (!is_linux || !is_clang))) {
if (!using_sanitizer && (!is_linux || !is_clang)) {
# _FORTIFY_SOURCE isn't really supported by Clang now, see
# http://llvm.org/bugs/show_bug.cgi?id=16821.
# It seems to work fine with Ubuntu 12 headers though, so use it in
Expand Down

0 comments on commit 11a934e

Please sign in to comment.