Try enable bound checks

[maxtropets]

Supported from clang17 onwards, so can be done on Mariner?..

Let's do this: https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html

Hardening documentation: https://libcxx.llvm.org/Hardening.html

[achamayou]

Worth noting that AL/Mariner builds currently use libstdcxx: https://github.com/microsoft/CCF/blob/main/.github/workflows/ci.yml#L135

CC=which clang CXX=which clang++ cmake -GNinja -DCOMPILE_TARGET=virtual -DCMAKE_BUILD_TYPE=Debug -DLVI_MITIGATIONS=OFF -DUSE_LIBCXX=OFF ..

But libc++ is available:

root [ /CCF/build ]# tdnf list | grep libcxx
libcxx.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxx.x86_64 18.1.2-3.azl3 azurelinux-official-base
libcxxabi.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxxabi.x86_64 18.1.2-3.azl3 azurelinux-official-base
libcxxabi-devel.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxxabi-devel.x86_64 18.1.2-3.azl3 azurelinux-official-base
libcxxabi-static.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxxabi-static.x86_64 18.1.2-3.azl3 azurelinux-official-base
libcxx-devel.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxx-devel.x86_64 18.1.2-3.azl3 azurelinux-official-base
libcxx-static.x86_64 18.1.2-2.azl3 azurelinux-official-base
libcxx-static.x86_64 18.1.2-3.azl3 azurelinux-official-base