Add compiler hardening flags

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 1ecbcee4f8dca0049579fc359e7328736f633f53..6bed693ff1c24b881a57aceae3f45e4fef873fc8 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,6 +28,49 @@ endif()
 
 add_executable(simplearchiver ${SimpleArchiver_SOURCES})
 
+target_compile_options(simplearchiver PUBLIC
+    -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
+    -Werror=format-security
+    -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
+    -D_GLIBCXX_ASSERTIONS
+    -fstrict-flex-arrays=3
+    -fstack-clash-protection -fstack-protector-strong
+    -Wl,-z,nodlopen -Wl,-z,noexecstack
+    -Wl,-z,relro -Wl,-z,now
+    -Wl,--as-needed -Wl,--no-copy-dt-needed-entries
+    -fPIE -pie
+)
+
+target_link_options(simplearchiver PUBLIC
+    -Wall -Wformat -Wformat=2 -Wconversion -Wimplicit-fallthrough
+    -Werror=format-security
+    -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3
+    -D_GLIBCXX_ASSERTIONS
+    -fstrict-flex-arrays=3
+    -fstack-clash-protection -fstack-protector-strong
+    -Wl,-z,nodlopen -Wl,-z,noexecstack
+    -Wl,-z,relro -Wl,-z,now
+    -Wl,--as-needed -Wl,--no-copy-dt-needed-entries
+    -fPIE -pie
+)
+
+# Inhibit format-string-related warning in src/archiver.c .
+set_source_files_properties(src/archiver.c
+    PROPERTIES
+        COMPILE_FLAGS -Wno-format-nonliteral
+)
+
+if(CMAKE_BUILD_TYPE STREQUAL "Release")
+    target_compile_options(simplearchiver PUBLIC
+        -fno-delete-null-pointer-checks -fno-strict-overflow
+        -fno-strict-aliasing -ftrivial-auto-var-init=zero
+    )
+    target_link_options(simplearchiver PUBLIC
+        -fno-delete-null-pointer-checks -fno-strict-overflow
+        -fno-strict-aliasing -ftrivial-auto-var-init=zero
+    )
+endif()
+
 add_executable(test_datastructures
     src/data_structures/test.c
     src/data_structures/linked_list.c