From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 5 Jul 2018 17:28:11 +0000 (+0200)
Subject: Compile debug/stack_chk_fail_local.c with stack protector
X-Git-Tag: glibc-2.28~116
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38cade0c461e58770749d7e8973f85c79532838a;p=thirdparty%2Fglibc.git

Compile debug/stack_chk_fail_local.c with stack protector

The resulting object file is statically linked into applications, so
it is desirable to have (formal) stack protector coverage there.
---

diff --git a/ChangeLog b/ChangeLog
index d134e1f29d8..3bfd61a44a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2018-07-05  Florian Weimer  <fweimer@redhat.com>
+	    Carlos O'Donell  <carlos@redhat.com>
+
+	* debug/Makefile (CFLAGS-stack_chk_fail_local.c): Remove
+	$(no-stack-protector).  stack_chk_fail_local.c can be compiled
+	with stack protector enabled because there is no risk of infinite
+	recursion.
+
 2018-07-05  Maciej W. Rozycki  <macro@mips.com>
 
 	[BZ #19818]
diff --git a/debug/Makefile b/debug/Makefile
index c6f6feb0ecf..506cebc3c4c 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -58,10 +58,13 @@ static-only-routines := warning-nop stack_chk_fail_local
 elide-routines.o := stack_chk_fail_local
 
 # Building the stack-protector failure routines with stack protection
-# makes no sense.
+# is not required since we have already failed a stack check and are
+# exiting the process.  However, the local aliases which jump to the
+# real routines should still be compiled with stack protection
+# (stack_chk_fail_local.c), so that the statically linked parts of the
+# library have the expected flags.
 
 CFLAGS-stack_chk_fail.c += $(no-stack-protector)
-CFLAGS-stack_chk_fail_local.c += $(no-stack-protector)
 
 CFLAGS-backtrace.c += -fno-omit-frame-pointer -funwind-tables
 CFLAGS-sprintf_chk.c += $(libio-mtsafe)