Build/security: Try FORTIFY_SOURCE

.github/workflows/ci.yml

@@ -271,6 +271,7 @@ jobs:
                             PUGIXML_VERSION=master
                             USE_OPENVDB=0
                             WEBP_VERSION=master
+                            OIIO_CMAKE_FLAGS="-DFORTIFY_SOURCE=2"
                             # The installed OpenVDB has a TLS conflict with Python 3.8
           - desc: clang14 C++20 avx2 exr3.1 ocio2.1
             nametag: linux-clang14

src/cmake/compiler.cmake

@@ -432,6 +432,29 @@ if (SANITIZE AND (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG))
 endif ()
 
 
+###########################################################################
+# Fortification and hardening options
+#
+# In modern gcc and clang, FORTIFY_SOURCE provides buffer overflow checks
+# (with some compiler-assisted deduction of buffer lengths) for the following
+# functions: memcpy, mempcpy, memmove, memset, strcpy, stpcpy, strncpy,
+# strcat, strncat, sprintf, vsprintf, snprintf, vsnprintf, gets.
+#
+# We try to avoid these unsafe functions anyway, but it's good to have the
+# extra protection, at least as an extra set of checks during CI. Some users
+# may also wish to enable it at some level if they are deploying it in a
+# security-sensitive environment. FORTIFY_SOURCE=3 may have minor performance
+# impact, though FORTIFY_SOURCE=2 should not have a measurable effect on
+# performance versus not doing any fortification. All fortification levels are
+# not available in all compilers.
+
+set (FORTIFY_SOURCE "0" CACHE STRING "Turn on Fortification level (0, 1, 2, 3)")
+if (FORTIFY_SOURCE AND (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG))
+    message (STATUS "Compiling with _FORTIFY_SOURCE=${FORTIFY_SOURCE}")
+    add_compile_options (-D_FORTIFY_SOURCE=${FORTIFY_SOURCE})
+endif ()
+
+
 ###########################################################################
 # clang-tidy options
 #