From e8393c3728bf7073d033410373ef6781549c7c3e Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Thu, 4 Feb 2021 11:07:46 +0000 Subject: [build] Work around distros that use -fcf-protection=full by default Some patched versions of gcc (observed with gcc 9.3.0 on Ubuntu 20.04) enable -fcf-protection=full by default. This breaks code that is not explicitly written to expect the use of this flag. The breakage occurs only at runtime if the affected code (such as setjmp()) happens to execute, and is therefore a particularly pernicious class of bug to be introduced into working code by a broken compiler. Work around these broken patched versions of gcc by detecting support for -fcf-protection and explicitly setting -fcf-protection=none if found. If any Ubuntu maintainers are listening: PLEASE STOP DOING THIS. It's extremely unhelpful to have to keep working around breakages that you introduce by modifying the compiler's default behaviour. Do what Red Hat does instead: set your preferred CFLAGS within the package build system rather than by patching the compiler to behave in violation of its own documentation. Signed-off-by: Michael Brown --- src/Makefile.housekeeping | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping index b3fa045..bade2da 100644 --- a/src/Makefile.housekeeping +++ b/src/Makefile.housekeeping @@ -401,6 +401,16 @@ WORKAROUND_CFLAGS += $(PIE_FLAGS) $(PIE_FLAGS2) endif endif +# Some widespread patched versions of gcc include -fcf-protection=full +# by default. +# +ifeq ($(CCTYPE),gcc) +CFP_TEST = $(CC) -fcf-protection=none -x c -c /dev/null -o /dev/null \ + >/dev/null 2>&1 +CFP_FLAGS := $(shell $(CFP_TEST) && $(ECHO) '-fcf-protection=none') +WORKAROUND_CFLAGS += $(CFP_FLAGS) +endif + ############################################################################### # # Source file handling -- cgit v1.1