From 6be51c0f2293e8e35fbd3fc691b9a309d4f53560 Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Debian Linux)" <rob@synchro.net>
Date: Mon, 5 Jun 2023 17:03:49 -0700
Subject: [PATCH] Add FORTIFY and SANITIZE options for DEBUG builds

SANITIZE is not fully supported (or recommended) yet.

FORTIFY will include some performance hits, but those might be offset by -O1
(which is apparently required for _FORTIFY_SOURCE to have any effect).
Prevviosly, DEBUG builds used (implicit -O0).
I'm building and running sbbs on Vertrauen (git.synchro.net) now with FORTIFY.

Set FORTIFY=1 in your localdefs.mk if you wish to have this build option
enabled persistently.
---
 src/build/Common.gmake | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/build/Common.gmake b/src/build/Common.gmake
index 2074413dcd..fae8b7b31c 100644
--- a/src/build/Common.gmake
+++ b/src/build/Common.gmake
@@ -153,6 +153,13 @@ ifdef DEBUG
   CFLAGS	+=	-fprofile-arcs -ftest-coverage
   LDFLAGS	+=	-fprofile-arcs -ftest-coverage
  endif
+ ifdef FORTIFY
+  CFLAGS += -D_FORTIFY_SOURCE=3 -O1
+ endif
+ ifdef SANITIZE
+  CFLAGS += -fsanitize=undefined,address
+  LDFLAGS += -fsanitize=undefined,address
+ endif
 else
  ifdef USE_UPROFILE
   CFLAGS	+=	-fprofile-use
-- 
GitLab