FORTIFY_SOURCE is a security feature, originally from GCC and glibc, that attempts to detect certain classes of buffer overflows. It is enabled by default on most Linux platforms and is available for some other platforms.
When using the FORTIFY_SOURCE option, the compiler will insert code to call "safer" variants of unsafe functions if the compiler can deduce the destination buffer size. The unsafe functions include memcpy, mempcpy, memmove, memset, stpcpy, strcpy, strncpy, strcat, strncat, sprintf, snprintf, vsprintf, vsnprintf, and gets.
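The C sketch below is an added illustration, not code from the original page or from glibc. It mimics the substitution described above: the compiler builtin __builtin_object_size (GCC and Clang) supplies the destination size when it can be deduced, and a checking variant compares it with the number of bytes about to be written. The names strcpy_chk_demo, FORTIFIED_STRCPY, copy_via_pointer and the demo_* functions are hypothetical, and the checker returns a result code where glibc's fortified functions abort the process.

```c
#include <stdio.h>
#include <string.h>

enum copy_result { COPY_OK, COPY_OVERFLOW, COPY_UNCHECKED };

/* Hypothetical stand-in for a "_chk" variant; glibc's real ones abort on failure. */
static enum copy_result strcpy_chk_demo(char *dst, const char *src, size_t dst_size)
{
    size_t need = strlen(src) + 1;          /* bytes written, including NUL */
    if (dst_size != (size_t)-1 && need > dst_size)
        return COPY_OVERFLOW;               /* caught before any byte is written */
    memcpy(dst, src, need);
    return dst_size == (size_t)-1 ? COPY_UNCHECKED : COPY_OK;
}

/* __builtin_object_size() is the size visible at the call site, or (size_t)-1. */
#define FORTIFIED_STRCPY(dst, src) \
    strcpy_chk_demo((dst), (src), __builtin_object_size((dst), 1))

/* Destination is a local array: size 8 is known, so the copy is checked. */
enum copy_result demo_known_fits(void)
{
    char buf[8];
    return FORTIFIED_STRCPY(buf, "short");
}

enum copy_result demo_known_overflow(void)
{
    char buf[8];
    return FORTIFIED_STRCPY(buf, "far too long for buf");
}

/* Bare pointer parameter in a non-inlined function: size is not deducible. */
__attribute__((noinline)) enum copy_result copy_via_pointer(char *dst, const char *src)
{
    return FORTIFIED_STRCPY(dst, src);
}

enum copy_result demo_unknown_size(void)
{
    char buf[8];
    return copy_via_pointer(buf, "short");  /* fits, but no check confirmed it */
}

int main(void)
{
    return printf("%d %d %d\n", demo_known_fits(), demo_known_overflow(), demo_unknown_size()) < 0;
}
```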
The option can be turned off with -D_FORTIFY_SOURCE=0 or -U_FORTIFY_SOURCE. However, it's usually not appropriate to disable FORTIFY_SOURCE in production software.
Jakub Jelinek provided the GCC patch for FORTIFY_SOURCE back in 2004. The documentation for _FORTIFY_SOURCE is located in the feature_test_macros(7) man page.
Support for FORTIFY_SOURCE requires the compiler to be able to insert the calls; GCC 4.0 and Clang 2.6 are the minimum required versions. The system must also have "safer" functions available; these may be provided by glibc, by GCC's libssp, and by other libraries such as the NetBSD libc (inherited into newlib), macOS libc, and the mingw-w64 libc.