Fortify for chromium Android webview

Naveen

unread,

Mar 27, 2017, 6:33:12 PM3/27/17

to chromi...@chromium.org

Hi Chromium Devs,

I am compiling AndoidWebview apk in release mode.

Can I safely assume that Fortify is run for every cpp file in chromium src tree?

https://cs.chromium.org/chromium/src/build/config/compiler/BUILD.gn?q=fortify&dr=C&l=1157

Also how is Fortify run for Java source files in the chromium tree?

Thanks,

Naveen

unread,

Mar 28, 2017, 1:41:24 PM3/28/17

to chromi...@chromium.org, Chromium-discuss

Torne (Richard Coles)

unread,

Apr 5, 2017, 4:13:11 PM4/5/17

to naveen....@gmail.com, chromi...@chromium.org, Chromium-discuss

We compile all the non-third-party C++ code with _FORTIFY_SOURCE defined, which may enable some checks against buffer overruns (but I'm not sure if this actually does anything on Android). Java code is unaffected.

I suspect you may be confusing this with the "Fortify" static analysis product, though, which is nothing to do with this. We don't run any commercial static analysers on Chromium as far as I know, though some people have done so in the past.

--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss

Reply all

Reply to author

Forward