cdc686eecc
_FORTIFY_SOURCE=1 differs from _FORTIFY_SOURCE=2 only in the bounds checking mode that it uses. With _FORTIFY_SOURCE=1, bounds checks are 'loose', allowing access to the whole underlying object, not just the subset referenced in the expression (e.g., the bounds of a struct member are the whole struct, not just the member). With _FORTIFY_SOURCE=2, bounds checks are strict, meaning that the bounds of an expression are limited to the referenced value. Both of these perform their checks at runtime, calling _chk_fail if the bounds check fails. That's done in the __*_chk functions included in the C library. These are always called when _FORTIFY_SOURCE > 0, unless the compiler replaces the call with inline code. GCC already does all of the compile-time bounds checking for string and mem functions when not using -ffreestanding, so there's nothing we need to add for that to work. That means the security_fortify_compile_time property should be empty. Signed-off-by: Keith Packard <keithp@keithp.com> |
||
---|---|---|
.. | ||
app | ||
bintools | ||
compiler | ||
emu | ||
flash | ||
ide | ||
linker | ||
linker_script | ||
makefile_exports | ||
modules | ||
reports | ||
sca | ||
toolchain | ||
usage | ||
util | ||
cfb.cmake | ||
extra_flags.cmake | ||
gcc-m-cpu.cmake | ||
gcc-m-fpu.cmake | ||
gen_version_h.cmake | ||
hex.cmake | ||
kobj.cmake | ||
mcuboot.cmake | ||
package_helper.cmake | ||
pristine.cmake | ||
target_toolchain_flags.cmake | ||
verify-toolchain.cmake | ||
vif.cmake |
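
The loose and strict bounds described in the commit message above, shown as an added example that is not code from the commit or the project. It assumes the bound comes from the GCC/Clang builtin `__builtin_object_size`, with type 0 as the loose bound and type 1 as the strict bound; `struct record` and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample type: a small field followed by unrelated data. */
struct record {
    char name[8];
    char secret[24];
};

static struct record rec;

/* Loose bound (type 0): bytes from the pointer to the end of the whole
 * enclosing object. Assumed here to model the _FORTIFY_SOURCE=1 check. */
size_t loose_bound(void)
{
    return __builtin_object_size(rec.name, 0);
}

/* Strict bound (type 1): bytes to the end of the referenced member only.
 * Assumed here to model the _FORTIFY_SOURCE=2 check. */
size_t strict_bound(void)
{
    return __builtin_object_size(rec.name, 1);
}

/* Would a write of n bytes starting at rec.name pass the runtime check? */
int passes_loose(size_t n)  { return n <= loose_bound(); }
int passes_strict(size_t n) { return n <= strict_bound(); }

int main(void)
{
    size_t n = 20; /* overruns name[8] but stays inside struct record */

    printf("loose bound:  %zu bytes\n", loose_bound());
    printf("strict bound: %zu bytes\n", strict_bound());
    printf("%zu-byte write into rec.name: loose=%s strict=%s\n", n,
           passes_loose(n) ? "allowed" : "rejected",
           passes_strict(n) ? "allowed" : "rejected");
    return 0;
}
```

A 20-byte write into `rec.name` corrupts `secret` without leaving the struct, so only the strict mode would reject it.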