cc-wrapper: use -fwrapv instead of -fno-strict-overflow in clang

This commit is contained in:
Theodore Ni 2023-07-14 22:35:50 -07:00
parent 06e7a18235
commit acb182363b
No known key found for this signature in database
GPG Key ID: 48B67583BDDD4474
2 changed files with 14 additions and 2 deletions

View File

@ -81,8 +81,18 @@ for flag in "${!hardeningEnableMap[@]}"; do
hardeningCFlags+=('-fPIC')
;;
strictoverflow)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi
hardeningCFlags+=('-fno-strict-overflow')
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi
if (( @isClang@ )); then
# In Clang, -fno-strict-overflow only serves to set -fwrapv and is
# reported as an unused CLI argument if -fwrapv or -fno-wrapv is set
# explicitly, so we side step that by doing the conversion here.
#
# See: https://github.com/llvm/llvm-project/blob/llvmorg-16.0.6/clang/lib/Driver/ToolChains/Clang.cpp#L6315
#
hardeningCFlags+=('-fwrapv')
else
hardeningCFlags+=('-fno-strict-overflow')
fi
;;
format)
if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi

View File

@ -609,6 +609,8 @@ stdenv.mkDerivation {
env = {
inherit isClang;
# for substitution in utils.bash
expandResponseParams = "${expand-response-params}/bin/expand-response-params";
shell = getBin shell + shell.shellPath or "";