صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
LiuZe
/
env
1
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
شاخه: master
شاخه‌ها تگ‌ها
env
/
opencv-4.8.0
/
cmake
/
OpenCVCompilerDefenses.cmake

OpenCVCompilerDefenses.cmake 3.4 KB
لینک دائمی تاريخچه خام

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. # Enable build defense flags.
    2. 

  2. # Performance may be affected.
    3. 

  3. # More information:
    4. 

  4. # - https://www.owasp.org/index.php/C-Based_Toolchain_Hardening
    5. 

  5. # - https://wiki.debian.org/Hardening
    6. 

  6. # - https://wiki.gentoo.org/wiki/Hardened/Toolchain
    7. 

  7. # - https://docs.microsoft.com/en-us/cpp/build/reference/sdl-enable-additional-security-checks
    8. 

  8. # - https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html
    9. 

  9. 

  10. set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "")
    11. 

  11. 

  12. macro(ocv_add_defense_compiler_flag option)
    13. 

  13.   ocv_check_flag_support(CXX "${option}" _varname "${ARGN}")
    14. 

  14.   if(${_varname})
    15. 

  15.     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${option}")
    16. 

  16.   endif()
    17. 

  17. 

  18.   ocv_check_flag_support(C "${option}" _varname "${ARGN}")
    19. 

  19.   if(${_varname})
    20. 

  20.     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${option}")
    21. 

  21.   endif()
    22. 

  22. endmacro()
    23. 

  23. 

  24. macro(ocv_add_defense_compiler_flag_release option)
    25. 

  25.   ocv_check_flag_support(CXX "${option}" _varname "${ARGN}")
    26. 

  26.   if(${_varname})
    27. 

  27.     set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} ${option}")
    28. 

  28.   endif()
    29. 

  29. 

  30.   ocv_check_flag_support(C "${option}" _varname "${ARGN}")
    31. 

  31.   if(${_varname})
    32. 

  32.     set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} ${option}")
    33. 

  33.   endif()
    34. 

  34. endmacro()
    35. 

  35. 

  36. # Define flags
    37. 

  37. 

  38. if(MSVC)
    39. 

  39.   ocv_add_defense_compiler_flag("/GS")
    40. 

  40.   ocv_add_defense_compiler_flag("/sdl")
    41. 

  41.   ocv_add_defense_compiler_flag("/guard:cf")
    42. 

  42.   ocv_add_defense_compiler_flag("/w34018 /w34146 /w34244 /w34267 /w34302 /w34308 /w34509 /w34532 /w34533 /w34700 /w34789 /w34995 /w34996")
    43. 

  43.   set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} /guard:cf /dynamicbase" )
    44. 

  44.   if(NOT X86_64)
    45. 

  45.     set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} /safeseh")
    46. 

  46.   endif()
    47. 

  47. elseif(CV_CLANG)
    48. 

  48.   ocv_add_defense_compiler_flag("-fstack-protector-strong")
    49. 

  49.   ocv_add_defense_compiler_flag_release("-D_FORTIFY_SOURCE=2")
    50. 

  50.   if (NOT APPLE)
    51. 

  51.     set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} -z noexecstack -z relro -z now" )
    52. 

  52.   endif()
    53. 

  53. elseif(CV_GCC)
    54. 

  54.   if(CMAKE_CXX_COMPILER_VERSION VERSION_LESS "4.9")
    55. 

  55.     ocv_add_defense_compiler_flag("-fstack-protector")
    56. 

  56.   else()
    57. 

  57.     ocv_add_defense_compiler_flag("-fstack-protector-strong")
    58. 

  58.   endif()
    59. 

  59. 

  60.   # These flags is added by general options: -Wformat -Wformat-security
    61. 

  61.   if(NOT CMAKE_CXX_FLAGS MATCHES "-Wformat" OR NOT CMAKE_CXX_FLAGS MATCHES "format-security")
    62. 

  62.     message(FATAL_ERROR "Defense flags: uncompatible options")
    63. 

  63.   endif()
    64. 

  64. 

  65.   if(ANDROID)
    66. 

  66.     ocv_add_defense_compiler_flag_release("-D_FORTIFY_SOURCE=2")
    67. 

  67.     if(NOT CMAKE_CXX_FLAGS_RELEASE MATCHES "-D_FORTIFY_SOURCE=2") # TODO Check this
    68. 

  68.       ocv_add_defense_compiler_flag_release("-D_FORTIFY_SOURCE=1")
    69. 

  69.     endif()
    70. 

  70.   else()
    71. 

  71.     ocv_add_defense_compiler_flag_release("-D_FORTIFY_SOURCE=2")
    72. 

  72.   endif()
    73. 

  73. 

  74.   set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} -z noexecstack -z relro -z now" )
    75. 

  75. else()
    76. 

  76.   # not supported
    77. 

  77. endif()
    78. 

  78. 

  79. set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
    80. 

  80. if(CV_GCC OR CV_CLANG)
    81. 

  81.     if(NOT CMAKE_CXX_FLAGS MATCHES "-fPIC")
    82. 

  82.       ocv_add_defense_compiler_flag("-fPIC")
    83. 

  83.     endif()
    84. 

  84.   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie")
    85. 

  85. endif()
    86. 

  86. 

  87. set( CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${OPENCV_LINKER_DEFENSES_FLAGS_COMMON}" )
    88. 

  88. set( CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${OPENCV_LINKER_DEFENSES_FLAGS_COMMON}" )
    89. 

  89. set( CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${OPENCV_LINKER_DEFENSES_FLAGS_COMMON}" )
    90.