From 6b81302e380aaf6688982b932a4efff7c642a7f5 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Fri, 11 Jan 2019 16:10:07 +0100
Subject: [PATCH] environment/configure/hardening.sh: enable -fstack-clash-protection

This flag will make GCC 8 touch all space allocated using alloca(3) and thus detect code jumping over the "stack gap".
---
 common/environment/configure/hardening.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/environment/configure/hardening.sh b/common/environment/configure/hardening.sh
index 0b4024e2532..10b67c75fd8 100644
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@@ -17,8 +17,8 @@ if [ -z "$nopie" ]; then
 LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 else
 # Enable FORITFY_SOURCE=2
- CFLAGS="-D_FORTIFY_SOURCE=2 ${CFLAGS}"
- CXXFLAGS="-D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
+ CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
+ CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
 LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
 fi
 else
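Review bot: `-fstack-clash-protection` is added only in the `else` branch of `if [ -z "$nopie" ]`, so as far as this hunk shows, only packages built with `nopie` set receive it. The PIE branch's CFLAGS assignment sits above the hunk and presumably relies on the GCC specs under `${_GCCSPECSDIR}`; the diffstat shows no specs file changed, so it is worth confirming those specs already carry the flag. If they do not, set it once before the `nopie` test, e.g. `CFLAGS="-fstack-clash-protection ${CFLAGS}"` and `CXXFLAGS="-fstack-clash-protection ${CXXFLAGS}"`, so both build modes are covered. The comment above the changed lines is now stale and misspelled; I would make it `# Enable _FORTIFY_SOURCE=2 and stack clash protection`.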