Jeff Morriss wrote:
bugzilla-daemon@xxxxxxxxxxxxx wrote:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416
stephentfisher@xxxxxxxxx changed:
[...]
Your SuSE system must have -fstack-protector / -fstack-protector-all enabled by
default in gcc. More information about this implementation can be found at
http://www.trl.ibm.com/projects/security/ssp/node4.html for those who are
curious.
Should we turn this on in development builds (especially for the fuzz bot)?
The fuzz testing used to be done on a machine whose OS included a
veersion of GCC that didn't support a "-fstack-protector" option. That
machine was replaced by a machine running a later version of that OS,
but the man page for GCC in that OS lists "-fstack-check",
"-fstack-limit-register", and "-fstack-limit-symbol", but not
"-fstack-protector" or "-fstack-protector-all".
That machine also appears to be the fastest of all the buildbot
machines, so it'd probably be the fastest one for fuzz testing.
However, if another machine has a GCC that supports "-fstack-protector",
that might be the machine to use (and perhaps to upgrade to a faster
system).
