Repository: https://github.com/airbus-seclab/c-compiler-security
Description: Security-related flags and options for C compilers
Homepage: https://airbus-seclab.github.io/c-compiler-security/
License: CC-BY-SA-4.0
Topics: c, clang, compiler, flags, gcc, sanitizers, security

# Getting the maximum of your C compiler, for security

- [GCC 12 TL;DR](#gcc-12-tldr)
- [Clang 11 TL;DR](#clang-11-tldr)
- [Microsoft Visual Studio 2019 TL;DR](#microsoft-visual-studio-2019-tldr)
- [References](#references)

### Introduction

This guide is intended to help you determine which flags you should use to
compile your C code with GCC, Clang or MSVC, in order to:

* detect as many bugs and potential security problems as possible at compile time.
* enable security mitigations in the produced binaries.
* enable runtime sanitizers to detect errors (overflows, race conditions, etc.) and make fuzzing more efficient.


**Disclaimer**:

The flags recommended here were chosen to *maximize* the number of classes of
detected errors that have a security benefit when enabled. Code generation
options (such as `-fstack-protector-strong`) also have a performance impact.
It is up to you to assess the impact on your code base and choose the right
set of command line options.


Comments are of course [welcome](https://github.com/airbus-seclab/c-compiler-security/issues).


## GCC 12 TL;DR

[Detailed page](./gcc_compilation.md)

Always use the following [warnings](./gcc_compilation.md#warnings) and [flags](./gcc_compilation.md#compilation-flags) on the command line:
```
-O2
-Werror
-Wall -Wextra -Wpedantic -Wformat=2 -Wformat-overflow=2 -Wformat-truncation=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wtrampolines -Walloca -Wvla -Warray-bounds=2 -Wimplicit-fallthrough=3 -Wtraditional-conversion -Wshift-overflow=2 -Wcast-qual -Wstringop-overflow=4 -Wconversion -Warith-conversion -Wlogical-op -Wduplicated-cond -Wduplicated-branches -Wformat-signedness -Wshadow -Wstrict-overflow=4 -Wundef -Wstrict-prototypes -Wswitch-default -Wswitch-enum -Wstack-usage=1000000 -Wcast-align=strict
-D_FORTIFY_SOURCE=3
-fstack-protector-strong -fstack-clash-protection -fPIE
-fsanitize=bounds -fsanitize-undefined-trap-on-error
-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code
```

Two caveats: `_FORTIFY_SOURCE` only does anything when optimization is enabled
(`-O1` or higher, hence the `-O2` above) and with a libc that supports it; and
`-fPIE` only affects code generation, so unless your toolchain defaults to PIE
you also need `-pie` at link time for ASLR to apply to the executable itself.

On legacy code bases, some of these warnings will produce false positives.
Where the flagged behavior is intended, disable the specific warning locally
with `#pragma GCC diagnostic push` / `#pragma GCC diagnostic ignored "-W..."` /
`#pragma GCC diagnostic pop` rather than dropping the flag globally.

Run debug/test builds with sanitizers (in addition to the flags above):
AddressSanitizer + UndefinedBehaviorSanitizer:
```
-fsanitize=address -fsanitize=pointer-compare -fsanitize=pointer-subtract -fsanitize=leak -fno-omit-frame-pointer -fsanitize=undefined -fsanitize=bounds-strict -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow
export ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:detect_invalid_pointer_pairs=2
```

If your program is multi-threaded, run a separate build with `-fsanitize=thread` (incompatible with ASan).

Finally, use [`-fanalyzer`](./gcc_compilation.md#code-analysis) to spot potential issues.

## Clang 11 TL;DR

[Detailed page](./clang_compilation.md)

First compile with:

```
-O2
-Werror
-Walloca -Wcast-qual -Wconversion -Wformat=2 -Wformat-security -Wnull-dereference -Wstack-protector -Wvla -Warray-bounds -Warray-bounds-pointer-arithmetic -Wassign-enum -Wbad-function-cast -Wconditional-uninitialized -Wfloat-equal -Wformat-type-confusion -Widiomatic-parentheses -Wimplicit-fallthrough -Wloop-analysis -Wpointer-arith -Wshift-sign-overflow -Wshorten-64-to-32 -Wswitch-enum -Wtautological-constant-in-range-compare -Wunreachable-code-aggressive -Wthread-safety -Wthread-safety-beta -Wcomma
-D_FORTIFY_SOURCE=3
-fstack-protector-strong -fsanitize=safe-stack -fPIE -fstack-clash-protection
-fsanitize=bounds -fsanitize-undefined-trap-on-error
-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack -Wl,-z,separate-code
```

The same caveats as for GCC apply: `_FORTIFY_SOURCE` needs optimization
enabled, and `-fPIE` needs `-pie` at link time unless your toolchain already
defaults to PIE.

On legacy code bases, some of these warnings will produce false positives.
Where the flagged behavior is intended, disable the specific warning locally
with `#pragma clang diagnostic push` / `#pragma clang diagnostic ignored "-W..."` /
`#pragma clang diagnostic pop` (Clang also accepts the `GCC diagnostic` spelling)
rather than dropping the flag globally.

Run debug/test builds with sanitizers, in addition to the flags above (and after removing `-fsanitize=safe-stack`, which is incompatible with LeakSanitizer):

AddressSanitizer + UndefinedBehaviorSanitizer:
```
-fsanitize=address -fsanitize=leak -fno-omit-frame-pointer -fsanitize=undefined -fsanitize=float-divide-by-zero -fsanitize=float-cast-overflow -fsanitize=integer
export ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:detect_invalid_pointer_pairs=2
```

If your program is multi-threaded, run a separate build with `-fsanitize=thread` (incompatible with ASan).

Finally, use [`scan-build`](./clang_compilation.md#code-analysis) to spot potential issues.

In addition, you can build production code with `-fsanitize=integer -fsanitize-minimal-runtime -fno-sanitize-recover` to catch integer overflows. Note that `-fsanitize=integer` includes `unsigned-integer-overflow`, which reports well-defined unsigned wraparound (common in hashing and checksum code); review such reports, or exclude that sub-check with `-fno-sanitize=unsigned-integer-overflow` where the wraparound is intended.


## Microsoft Visual Studio 2019 TL;DR

[Detailed page](./msvc_compilation.md)

* Compile with `/Wall /sdl /guard:cf /guard:ehcont` and link with `/CETCOMPAT` (a linker option)
* Use ASan with `/fsanitize=address`
* Analyze your code with `/analyze`

## Tips

* Check <https://github.com/pkolbus/compiler-warnings> to see which compiler version supports a given flag
* Use the [Compiler explorer](https://godbolt.org/) to experiment and check the impact on machine code produced
* If you have a doubt about the actual semantics of a flag, check the compiler's own tests (for Clang, GCC)
* Use [checksec.py](https://github.com/Wenzel/checksec.py) to verify your binaries actually carry the mitigations; a flag that was silently dropped by a build system is a common failure mode

## References

* For [GCC](./gcc_compilation.md#references)
* For [Clang](./clang_compilation.md#references)
* For [MSVC](./msvc_compilation.md#references)
* <https://github.com/pkolbus/compiler-warnings>: GCC/Clang/XCode parsers for warnings definitions.
* <https://github.com/google/sanitizers/wiki/AddressSanitizerFlags>: ASan runtime options


Written by Raphaël Rigo and reviewed by Sarah Zennou @ [Airbus Security lab](https://airbus-seclab.github.io), 2021.

## Contributing

Please open an issue if you notice any error, imprecision or have comments or improvement ideas.

This work is licensed under a
[Creative Commons Attribution-ShareAlike 4.0 International License][cc-by-sa].

[cc-by-sa]: http://creativecommons.org/licenses/by-sa/4.0/