Git-Mirrors/keepassxc
1
0
Fork 0
mirror of https://github.com/keepassxreboot/keepassxc.git synced 2025-02-08 18:58:29 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix security settings on MSVC build

Browse Source 
* Properly set DEP, ASLR, and Control Flow Guards when building with MSVC
* Improve PDB file (/Zf) creation speed
* Add address sanitization checks in debug builds by default (/fsanitize=address) with MSVC 2019+
This commit is contained in:
Jonathan White 2021-12-07 23:14:10 -05:00
parent b29e8fb0b5
commit 9b7e54947b
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CMakeLists.txt
View File

@ -24,6 +24,9 @@ if(NOT CMAKE_BUILD_TYPE)
FORCE) FORCE)
endif() endif()
string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER) string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
set(IS_DEBUG_BUILD TRUE)
endif()
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
@ -313,6 +316,7 @@ endif()
set(CMAKE_C_STANDARD 99) set(CMAKE_C_STANDARD 99)
set(CMAKE_CXX_STANDARD 17) set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
check_add_gcc_compiler_flag("-fsized-deallocation" CXX) check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
@ -327,13 +331,18 @@ else()
add_gcc_compiler_cxxflags("-Wno-deprecated-declarations") add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
endif() endif()
# MSVC specific options
if (MSVC) if (MSVC)
if(MSVC_VERSION LESS 1910) if(MSVC_TOOLSET_VERSION LESS 141)
message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!") message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
endif() endif()
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
add_compile_options(/permissive- /utf-8) add_compile_options(/permissive- /utf-8)
if(IS_DEBUG_BUILD)
add_compile_options(/Zf)
if(MSVC_TOOLSET_VERSION GREATER 141)
add_compile_definitions(/fsanitize=address)
endif()
endif()
endif() endif()
if(WIN32) if(WIN32)
@ -342,12 +351,11 @@ if(WIN32)
if(MINGW) if(MINGW)
set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>") set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
endif() endif()
if(NOT (CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")) if(NOT IS_DEBUG_BUILD)
# Enable DEP, ASLR and on VS additional enable
# control flow guard and buffer security check
if(MSVC) if(MSVC)
add_compile_options(/DYNAMICBASE:YES /guard:cf /GS) # By default MSVC enables NXCOMPAT
add_link_options(/NXCOMPAT /guard:cf) add_compile_options(/guard:cf)
add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
else(MINGW) else(MINGW)
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase") set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")