1

CMake 3.9, arm-gcc 5.4.1, Linux / OSX:

I'm enabling stack smashing protection by adding -fstack-protector-strong to my compiler flags. This instructs gcc to look for specially-named symbols in the hard-coded libraries libssp.a and libssp_nonshared.a.

These libraries exist in my application as part of the build, but they do not yet exist when CMake is interrogating my compiler during the configuration phase.

This causes CMake to fail, which makes sense:

[2/2] Linking CXX executable cmTC_0f43d FAILED: cmTC_0f43d /path/to/arm-none-eabi-g++ -fstack-protector-strong CMakeFiles/cmTC_0f43d.dir/testCXXCompiler.cxx.obj -o cmTC_0f43d /path/to/arm-none-eabi/bin/ld: cannot find -lssp_nonshared /path/to/arm-none-eabi/bin/ld: cannot find -lssp

Is there any way to:

  1. Tell CMake to not use -fstack-protector-strong during compiler interrogation?
  2. Provide an empty "dummy" version of libssp and libssp_nonshared during interrogation?
  3. Skip compiler interrogation entirely? (This is a custom toolchain.)

Or any other way to work around this?

Improve this question
2
  • 1
    How did you add the switches. Sounds like you added it to the default CFLAGS instead of targets you create in CMakeLists.txt. Commented Jan 18, 2019 at 4:35
  • That's correct, I added them to CFLAGS because I want them enabled in every file I compile. If possible, I'd prefer not to have to manually add them to every library and executable I create: it's easy to forget, it's hard to verify that it was added, etc. Commented Jan 18, 2019 at 5:44

2 Answers 2

Reset to default
2

Tell CMake to not use -fstack-protector-strong during compiler interrogation?

Just add this compiler flag after the project() call, when CMake checks a compiler.

project(MyProject) # ... set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector-strong") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong")

Instead of appending the flag to CMAKE_*_FLAGS variable, you may also add it via add_compile_options command:

project(MyProject) # ... add_compile_options("-fstack-protector-strong")
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

We have about 40 projects, but they're all underneath one root-level project. Does CMake only check the compiler after the root-level project? Or do I need to append the flags after each leaf project? I'm assuming just once, since at that point the compiler is known; I just want to make sure I understand your claim :)
CMake checks the compiler only once: it won't check the compiler on next project(). Moreover, CMake won't check the compiler on next cmake invocation for the same project.
I believe that adding it to the FLAGS will have it passed to any additional try_compile() commands so add_compile_options() is probably better.
@Fred: As fat as I understand, try_compile uses separate CMake project. The only thing which that project derives automatically, is a toolchain file. All other parameters are specified explicitely.
@Tsyvarev I should have checked first. It is a separate CMake project but some settings are forwarded to the new project. It was one of the linker flags that get forwarded not compiler flags.
0

In my case, option 3 turned out to be easy. In my toolchain CMake file, I simply added:

set(CMAKE_C_COMPILER_WORKS ON) set(CMAKE_CXX_COMPILER_WORKS ON)

And now CMake doesn't waste any time interrogating the features of my compiler.

This works in my specific case (embedded systems firmware), but it would be nice how to get CMake and -fstack-protector-strong to work on non-embedded programs as well.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.