[cfe-dev] How clang compares with gcc on security hardening ?
Sylvestre Ledru via cfe-dev
cfe-dev at lists.llvm.org
Thu Feb 21 06:13:49 PST 2019
First, thanks for all the answers, super interesting!
Le 19/02/2019 à 22:47, paul.robinson at sony.com a écrit :
> TL;DR: I think "lags significantly" is overstating the case. The only feature I can identify that Clang doesn't have (wrt the things brought up in that Fedora post) is a real `-fstack-clash-protection` implementation.
[...]
>
> -fstack-clash-protection
>
> Clang does not recognize this option. Curiously I see two patches to add it, neither of them has been committed. I think there's a reasonable argument that a key security option should not be recognized and ignored.
>
> FTR, the `buildflags.md` documentation says this keeps large stack allocations from skipping over a check of the guard page.
>
> @Sylvestre do you want to file a bug requesting this option?
Done: https://bugs.llvm.org/show_bug.cgi?id=40802
Thanks again,
S
More information about the cfe-dev
mailing list