Only enable _FORTIFY_SOURCE for opt builds.
Prevents warnings like the following under fastbuild/dbg:
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/x86_64-pc-linux-gnu/bits/os_defines.h:39:0,
from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/x86_64-pc-linux-gnu/bits/c++config.h:482,
from /usr/lib/gcc/x86_64-pc-linux-gnu/5.4.0/include/g++-v5/string:38,
from third_party/protobuf/3.0.0/src/google/protobuf/empty.pb.h:7,
from third_party/protobuf/3.0.0/src/google/protobuf/empty.pb.cc:5:
/usr/include/features.h:331:4: warning: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Wcpp]
# warning _FORTIFY_SOURCE requires compiling with optimization (-O)
--
Change-Id: I364bb2962ef930c9079ebddcc5855a0b4ee5c138
Reviewed-on: https://cr.bazel.build/7050
PiperOrigin-RevId: 142229574
MOS_MIGRATED_REVID=142229574
diff --git a/tools/cpp/cc_configure.bzl b/tools/cpp/cc_configure.bzl
index bd8cf2d..2c3b974 100644
--- a/tools/cpp/cc_configure.bzl
+++ b/tools/cpp/cc_configure.bzl
@@ -253,12 +253,9 @@
"-D__TIME__=\\\"redacted\\\""
],
"compiler_flag": [
- # Security hardening on by default.
- # Conservative choice; -D_FORTIFY_SOURCE=2 may be unsafe in some cases.
- # We need to undef it before redefining it as some distributions now have
- # it enabled by default.
+ # Security hardening requires optimization.
+ # We need to undef it as some distributions now have it enabled by default.
"-U_FORTIFY_SOURCE",
- "-D_FORTIFY_SOURCE=1",
"-fstack-protector",
# All warnings are enabled. Maybe enable -Werror as well?
"-Wall",
@@ -327,6 +324,10 @@
# Profile first and / or use FDO if you need better performance than this.
"-O2",
+ # Security hardening on by default.
+ # Conservative choice; -D_FORTIFY_SOURCE=2 may be unsafe in some cases.
+ "-D_FORTIFY_SOURCE=1",
+
# Disable assertions
"-DNDEBUG",
