diff --git a/.travis.yml b/.travis.yml index d722664..e7ff744 100644 --- a/.travis.yml +++ b/.travis.yml @@ -23,6 +23,6 @@ addons: script: - mkdir build - cd build - - cmake .. -DENABLE_CJSON_UTILS=On -DENABLE_VALGRIND="${VALGRIND}" -DENABLE_SANITIZERS="${SANITIZERS}" + - cmake .. -DENABLE_CJSON_UTILS=On -DENABLE_VALGRIND="${VALGRIND}" -DENABLE_SAFE_STACK="${VALGRIND}" -DENABLE_SANITIZERS="${SANITIZERS}" - make - make test CTEST_OUTPUT_ON_FAILURE=On diff --git a/CMakeLists.txt b/CMakeLists.txt index a55acac..ec5196b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -73,6 +73,16 @@ if (ENABLE_SANITIZERS) ) endif() +option(ENABLE_SAFE_STACK "Enables the SafeStack instrumentation pass by the Code Pointer Integrity Project" OFF) +if (ENABLE_SAFE_STACK) + if (ENABLE_SANITIZERS) + message(FATAL_ERROR "ENABLE_SAFE_STACK cannot be used in combination with ENABLE_SANITIZERS") + endif() + list(APPEND custom_compiler_flags + -fsanitize=safe-stack + ) +endif() + option(ENABLE_PUBLIC_SYMBOLS "Export library symbols." On) if (ENABLE_PUBLIC_SYMBOLS) list(APPEND custom_compiler_flags -fvisibility=hidden) diff --git a/README.md b/README.md index a363f52..6ff4e95 100644 --- a/README.md +++ b/README.md @@ -88,6 +88,7 @@ You can change the build process with a list of different options that you can p * `-DENABLE_CUSTOM_COMPILER_FLAGS=On`: Enable custom compiler flags (currently for Clang, GCC and MSVC). Turn off if it makes problems. (on by default) * `-DENABLE_VALGRIND=On`: Run tests with [valgrind](http://valgrind.org). (off by default) * `-DENABLE_SANITIZERS=On`: Compile cJSON with [AddressSanitizer](https://github.com/google/sanitizers/wiki/AddressSanitizer) and [UndefinedBehaviorSanitizer](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) enabled (if possible). (off by default) +* `-DENABLE_SAFE_STACK`: Enable the [SafeStack](https://clang.llvm.org/docs/SafeStack.html) instrumentation pass. Currently only works with the Clang compiler. (off by default) * `-DBUILD_SHARED_LIBS=On`: Build the shared libraries. (on by default) * `-DBUILD_SHARED_AND_STATIC_LIBS=On`: Build both shared and static libraries. (off by default) * `-DCMAKE_INSTALL_PREFIX=/usr`: Set a prefix for the installation.