No description
Find a file
Elliott Hughes 8ebc4d6aab Enable -fstack-protector-strong for x86.
This results in nearly all functions with the possibility of stack
corruption getting stack canaries, because it applies to any function
taking a reference to the frame or with a local array rather than just
the functions with arrays larger than 8 bytes. It was developed for use
in Chrome (and Chrome OS) and has also been adopted by various other
distributions (Arch, Fedora, Ubuntu, etc).

The code size increase ranges from ~1.5% to ~2.5%, compared to ~0.3% to
~0.7% with the more conservative switch. The increase in the performance
loss is usually minimal. The overall size increase once everything other
than C and C++ code is taken into account is minimal, and it greatly
improves the mitigation of stack buffer overflow vulnerabilities.

https://lwn.net/Articles/584225/

Change-Id: I55a9fdbf5777ccdeed9f2e9a23c73bb94ad7b646
2015-12-14 11:15:15 -08:00
core Enable -fstack-protector-strong for x86. 2015-12-14 11:15:15 -08:00
libs/host Add LOCAL_MODULE_HOST_OS 2015-09-03 16:40:51 -07:00
target sepolicy: Fix 'avc denied' issues for the emulators 2015-12-11 16:21:00 +01:00
tools Make signapk use Conscrypt. 2015-12-11 08:36:42 -08:00
.gitignore Add build subprojects to .gitignore 2015-07-23 13:18:47 -07:00
buildspec.mk.default Remove WEBCORE_INSTRUMENTATION and ENABLE_SVG 2013-07-25 15:52:17 -07:00
CleanSpec.mk Fix issie #23116383: Include security patch level in Settings 2015-08-12 16:29:08 -07:00
envsetup.sh Merge "Use sensible default locations for Java" 2015-11-20 10:16:17 +00:00