From 557c174a3c88bde4e096d9ed89758182266f7bb0 Mon Sep 17 00:00:00 2001 From: Nick Hainke Date: Wed, 10 May 2023 03:53:34 +0200 Subject: [PATCH] toolchain: gcc: add fanalyzer config option Add gcc config option for fanalyzer. As a result of this option, a static analysis of the program flow is conducted, allowing interprocedural paths to be identified and warnings to be issued if problems are identified. Link: https://github.com/openwrt/openwrt/pull/12576 Signed-off-by: Nick Hainke --- config/Config-build.in | 9 +++++++++ include/hardening.mk | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/config/Config-build.in b/config/Config-build.in index caeae79944..5eaca5a945 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -250,6 +250,15 @@ menu "Global build settings" comment "Hardening build options" + config PKG_FANALYZER + bool + prompt "Enable gcc fanalyzer" + default n + help + Add -fanalyzer to the CFLAGS. As a result of this option, a static analysis + of the program flow is conducted, allowing interprocedural paths to be + identified and warnings to be issued if problems are identified. + config PKG_CHECK_FORMAT_SECURITY bool prompt "Enable gcc format-security" diff --git a/include/hardening.mk b/include/hardening.mk index 1565e5aa27..c5d836eec0 100644 --- a/include/hardening.mk +++ b/include/hardening.mk @@ -9,6 +9,7 @@ PKG_SSP ?= 1 PKG_FORTIFY_SOURCE ?= 1 PKG_RELRO ?= 1 PKG_DT_RELR ?= 1 +PKG_FANALYZER ?= 0 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1) @@ -77,3 +78,8 @@ ifdef CONFIG_PKG_DT_RELR endif endif +ifdef CONFIG_PKG_FANALYZER + ifeq ($(strip $(PKG_FANALYZER)),1) + TARGET_CFLAGS += -fanalyzer + endif +endif -- 2.30.2