Hello Kim and Erik, thanks for pointing me at https://bugs.openjdk.java.net/browse/JDK-8050803
https://bugs.openjdk.java.net/browse/JDK-8130017 I noticed too that the flag needs to be set together with optimization flags (which is pointed out in these 2 bugs). Performance seems to be not much affected (however I might need to look into it more ). But the missing hs_err file in case of hitting an issue is bad, as long as there is no fix for this, I would not set the flag (otherwise I like _FORTIFY_SOURCE ). Best regards, Matthias > > > > > > Hello. > > maybe some of you are aware of the gcc FORTIFY_SOURCE application > security flags. > > Developers can enable compile and also runtime checks for some string / > memory related operations with the flag. > > > > See details : > > https://access.redhat.com/blogs/766093/posts/1976213 > > > > Have you tried already those flags in the OpenJDK ? > > I happen to like _FORTIFY_SOURCE, as I’ve seen it catch some real problems > that would have been > much harder to find otherwise. However, we’ve tried it in the past and ran > into some problems. There > is an existing RFE to reinstate it’s use, which also mentions or references > those previous attempts and > the problems encountered. See JDK-8130017 "use _FORTIFY_SOURCE in gcc > fastdebug builds”. > > I didn’t know about the hs_err problem. It might be considered less of a > problem if only enabling in > fastdebug builds (as suggested by JDK-8130017), as such builds are > developer-oriented and the > loss of an hs_err file is (while annoying) perhaps less critical.
