From 699e8991724ff6dd4f1fa8d6f7a622849e8d7098 Mon Sep 17 00:00:00 2001
From: Adrien Bertrand <bertrand.adrien@gmail.com>
Date: Sun, 26 Nov 2023 11:39:06 +0100
Subject: [PATCH] Testing more safety flags

---
 CMakeLists.txt | 44 +++++++++++++++++++++++++++++++-------------
 1 file changed, 31 insertions(+), 13 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index cf60e856..ece213b2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -97,19 +97,7 @@ set(CMAKE_CXX_STANDARD 11)
 set(CMAKE_C_STANDARD_REQUIRED ON)
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 
-if (CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU")
-    # sane defaults + hardening
-    set(GLOBAL_COMPILE_FLAGS "-W -Wall -Wextra -Wno-unused-parameter -Werror=shadow -Werror=write-strings -Wredundant-decls -Werror=date-time -Werror=return-type -Werror=pointer-arith")
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GLOBAL_COMPILE_FLAGS} -Werror=declaration-after-statement -Werror=implicit-function-declaration -Werror=missing-prototypes")
-    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GLOBAL_COMPILE_FLAGS}")
-    # useful flags for debugging
-    set(GLOBAL_DEBUG_FLAGS "-fno-omit-frame-pointer -fsanitize=address,bounds -fsanitize-undefined-trap-on-error")
-    set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
-    set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
-    set(CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
-    # only for clang/gcc
-    add_compile_definitions(HAVE_FVISIBILITY=1)
-endif()
+set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 
 if(APPLE)
     add_compile_definitions(__MACOSX__)
@@ -125,6 +113,36 @@ elseif(WIN32)
     include_directories(${CMAKE_SOURCE_DIR}/win32_config)
 endif()
 
+if (CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID MATCHES "GNU")
+    # sane defaults + hardening
+    set(GLOBAL_COMPILE_FLAGS "-W -Wall -Wextra -Wno-unused-parameter -Werror=shadow -Werror=write-strings -Wredundant-decls -Werror=date-time -Werror=return-type -Werror=pointer-arith")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GLOBAL_COMPILE_FLAGS} -Werror=declaration-after-statement -Werror=implicit-function-declaration -Werror=missing-prototypes")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GLOBAL_COMPILE_FLAGS}")
+    if(LINUX)
+        add_link_options("-Wl,-z,relro,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code")
+        if(CMAKE_CXX_COMPILER_ID MATCHES "GNU")
+            add_link_options("-Wl,--as-needed")
+        endif()
+    endif()
+    # useful flags for debugging
+    set(GLOBAL_DEBUG_FLAGS "-fno-omit-frame-pointer -fsanitize=address,bounds -fsanitize-undefined-trap-on-error -fstack-protector-strong -fstack-clash-protection")
+    set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+    set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+    set(CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+    # only for clang/gcc
+    add_compile_definitions(HAVE_FVISIBILITY=1)
+elseif (MSVC)
+    # sane defaults + hardening. /wd4996 to disable deprecated functions warnings
+    set(GLOBAL_COMPILE_FLAGS "/Wall /sdl /guard:cf /guard:ehcont /wd4996")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GLOBAL_COMPILE_FLAGS} ")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${GLOBAL_COMPILE_FLAGS} ")
+    # useful flags for debugging
+    set(GLOBAL_DEBUG_FLAGS "/fsanitize=address")
+    set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+    set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+    set(CMAKE_EXE_LINKER_FLAGS_DEBUG "${CMAKE_EXE_LINKER_FLAGS_DEBUG} ${GLOBAL_DEBUG_FLAGS} ")
+endif()
+
 # i18n support checking
 include(FindGettext)
 include(FindIntl)