From a3f56875c1ba131b0038e82f719a18d69f959f92 Mon Sep 17 00:00:00 2001
From: rubidium
Date: Sun, 22 Jul 2012 05:33:09 +0000
Subject: [PATCH] (svn r24429) -Change: add some hardening flags to the compiler for release builds
---
 config.lib | 22 ++++++++++++++--------
 src/depend/depend.cpp | 5 ++++-
 2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/config.lib b/config.lib
index 36e0aacf04..f4e0da9e35 100644
--- a/config.lib
+++ b/config.lib
@@ -1302,8 +1302,8 @@ make_compiler_cflags() {
 flags="$flags -Wall -Wno-multichar -Wsign-compare -Wundef"
 flags="$flags -Wwrite-strings -Wpointer-arith"
- flags="$flags -W -Wno-unused-parameter -Wformat=2"
- flags="$flags -Wredundant-decls"
+ flags="$flags -W -Wno-unused-parameter -Wredundant-decls"
+ flags="$flags -Wformat=2 -Wformat-security -Werror=format-security"
 if [ $enable_assert -eq 0 ]; then
 # Do not warn about unused variables when building without asserts
@@ -1427,12 +1427,6 @@ make_cflags_and_ldflags() {
 # Each debug level reduces the optimization by a bit
 if [ $enable_debug -ge 1 ]; then
 CFLAGS="$CFLAGS -g -D_DEBUG"
- if basename "$cc_host" | grep "gcc" &>/dev/null; then
- # Define only when compiling with GCC, some
- # GLIBC versions use GNU extensions in a way
- # that breaks build with at least ICC
- CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
- fi
 if [ "$os" = "PSP" ]; then
 CFLAGS="$CFLAGS -G0"
 fi
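Review bot: In make_compiler_cflags(), `-Werror=format-security` is appended on an unconditional `flags=` line with no compiler-version test visible in the hunk, while a later hunk of this same file still special-cases `$cc_version -eq 40`. The `-Werror=<warning>` spelling is, as far as I know, only accepted from GCC 4.2 onward, so an older compiler that the script otherwise seems to support could reject the whole command line; consider gating it, e.g. `if [ $cc_version -ge 42 ]; then flags="$flags -Werror=format-security"; fi`. `-Wformat-security` is already implied by `-Wformat=2`, so either drop it or add a comment such as `# -Wformat-security spelled out on purpose; promoted to an error below`. The function starts and ends outside the hunk, so a version gate may exist above these lines.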
@@ -1447,6 +1441,18 @@ make_cflags_and_ldflags() {
 fi
 fi
+ if [ $enable_debug -le 2 ]; then
+ if basename "$cc_host" | grep "gcc" &>/dev/null; then
+ # Define only when compiling with GCC. Some GLIBC versions use GNU
+ # extensions in a way that breaks build with at least ICC.
+ # This requires -O1 or more, so debug level 3 (-O0) is excluded.
+ CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2"
+
+ # Just add -O1 to the tools needed for building.
+ CFLAGS_BUILD="$CFLAGS_BUILD -D_FORTIFY_SOURCE=2 -O1"
+ fi
+ fi
+
 if [ "$os" = "OSX" ] && [ $cc_version -eq 40 ]; then
 # Apple's GCC 4.0 has a compiler bug for x86_64 with (higher) optimization,
 # wrongly optimizing ^= in loops. This disables the failing optimisation.
diff --git a/src/depend/depend.cpp b/src/depend/depend.cpp
index 67ceec25fe..4d5ef35f38 100644
--- a/src/depend/depend.cpp
+++ b/src/depend/depend.cpp
@@ -910,7 +910,10 @@ int main(int argc, char *argv[])
 size = ftell(src);
 rewind(src);
 content = (char*)malloc(size * sizeof(*content));
- fread(content, 1, size, src);
+ if (fread(content, 1, size, src) != (size_t)size) {
+ fprintf(stderr, "Could not read %s\n", filename);
+ exit(-2);
+ }
 fclose(src);
 }
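Review bot: In the new `_FORTIFY_SOURCE` block of config.lib, the guard inspects `$cc_host` but the second assignment appends to `CFLAGS_BUILD`, which by its own comment is for the tools needed for building. When cross-compiling, the build-machine compiler need not be GCC even if the host compiler is, so it would receive `-D_FORTIFY_SOURCE=2` despite the ICC caveat in the comment; the build-side flags should be guarded by a test on the build compiler's name instead. Appending `-O1` last also overrides any higher `-O` level already in `CFLAGS_BUILD`, because the last `-O` option wins, so say in the comment whether that is intended. Separately, `&>/dev/null` is a bash extension: under a POSIX sh the pipeline is backgrounded and the `if` always succeeds, so `>/dev/null 2>&1` is the portable spelling (which shell runs this file is not visible here). make_cflags_and_ldflags() starts and ends outside the hunk.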
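Review bot: In src/depend/depend.cpp the new short-read check still runs after an unchecked `ftell()` and `malloc()`. If `ftell(src)` fails it returns -1, the allocation request becomes enormous and most likely fails, and `fread()` is then handed a NULL `content`. Treat a negative `size` as an error on the same `exit(-2)` path, and check the allocation before reading, e.g. `if (content == NULL) { fprintf(stderr, "Out of memory\n"); exit(-2); }`. The declaration of `size` is outside the hunk, but the `(size_t)size` cast suggests a signed type, which is what makes the -1 case reachable. main() starts and ends outside the hunk.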