about summary refs log tree commit diff
path: root/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh')
-rw-r--r--nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh6
1 files changed, 5 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
index e884f8388b58..ef166e2f50c5 100644
--- a/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
+++ b/nixpkgs/pkgs/build-support/cc-wrapper/add-hardening.sh
@@ -32,7 +32,7 @@ if [[ -n "${hardeningEnableMap[fortify3]-}" ]]; then
 fi
 
 if (( "${NIX_DEBUG:-0}" >= 1 )); then
-  declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format zerocallusedregs)
+  declare -a allHardeningFlags=(fortify fortify3 stackprotector pie pic strictoverflow format trivialautovarinit zerocallusedregs)
   declare -A hardeningDisableMap=()
 
   # Determine which flags were effectively disabled so we can report below.
@@ -106,6 +106,10 @@ for flag in "${!hardeningEnableMap[@]}"; do
         hardeningCFlagsBefore+=('-fno-strict-overflow')
       fi
       ;;
+    trivialautovarinit)
+      if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling trivialautovarinit >&2; fi
+      hardeningCFlagsBefore+=('-ftrivial-auto-var-init=pattern')
+      ;;
     format)
       if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi
       hardeningCFlagsBefore+=('-Wformat' '-Wformat-security' '-Werror=format-security')
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-17 15:01:09 +0000