From acb182363b506a3add9781711e2ecbeec3e5c3d3 Mon Sep 17 00:00:00 2001 From: Theodore Ni <3806110+tjni@users.noreply.github.com> Date: Fri, 14 Jul 2023 22:35:50 -0700 Subject: [PATCH] cc-wrapper: use -fwrapv instead of -fno-strict-overflow in clang --- pkgs/build-support/cc-wrapper/add-hardening.sh | 14 ++++++++++++-- pkgs/build-support/cc-wrapper/default.nix | 2 ++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/pkgs/build-support/cc-wrapper/add-hardening.sh b/pkgs/build-support/cc-wrapper/add-hardening.sh index 07ac6737f39d..7f5cd4cf4af3 100644 --- a/pkgs/build-support/cc-wrapper/add-hardening.sh +++ b/pkgs/build-support/cc-wrapper/add-hardening.sh @@ -81,8 +81,18 @@ for flag in "${!hardeningEnableMap[@]}"; do hardeningCFlags+=('-fPIC') ;; strictoverflow) - if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi - hardeningCFlags+=('-fno-strict-overflow') + if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling strictoverflow >&2; fi + if (( @isClang@ )); then + # In Clang, -fno-strict-overflow only serves to set -fwrapv and is + # reported as an unused CLI argument if -fwrapv or -fno-wrapv is set + # explicitly, so we side step that by doing the conversion here. + # + # See: https://github.com/llvm/llvm-project/blob/llvmorg-16.0.6/clang/lib/Driver/ToolChains/Clang.cpp#L6315 + # + hardeningCFlags+=('-fwrapv') + else + hardeningCFlags+=('-fno-strict-overflow') + fi ;; format) if (( "${NIX_DEBUG:-0}" >= 1 )); then echo HARDENING: enabling format >&2; fi diff --git a/pkgs/build-support/cc-wrapper/default.nix b/pkgs/build-support/cc-wrapper/default.nix index db3efa068c0f..fd3676ab20ad 100644 --- a/pkgs/build-support/cc-wrapper/default.nix +++ b/pkgs/build-support/cc-wrapper/default.nix @@ -609,6 +609,8 @@ stdenv.mkDerivation { env = { + inherit isClang; + # for substitution in utils.bash expandResponseParams = "${expand-response-params}/bin/expand-response-params"; shell = getBin shell + shell.shellPath or "";