[FFmpeg-devel] PIC and YASM

Måns Rullgård mans
Mon Nov 9 23:16:33 CET 2009


Reimar D?ffinger <Reimar.Doeffinger at gmx.de> writes:

> On Mon, Nov 09, 2009 at 08:26:05PM +0300, Michael Kostylev wrote:
>> 
>> On Mon Nov  9 18:02:54 2009
>> Reimar D?ffinger wrote:
>> 
>> >>> @@ -1919,7 +1917,6 @@
>> >>>          ;;
>> >>>      openbsd)
>> >>>          enable malloc_aligned
>> >>> -        enable pic
>> >> 
>> >> OpenBSD builds fail without that currently.  Does your new __PIC__
>> >> check fix that?
>> > 
>> > I expect
>> 
>> Unfounded.
>
> Interesting. I do not know 100% what OpenBSD does, but FFmpeg builds
> just with with PIC disabled, the generated program just does not run.

I knew there was something fishy there.

> However, I'd like to suggest the change below.
> Thing is, when PIC is enabled we already take the performance hit
> anyway, so I suggest we at least try to also get the security benefit
> by linking the executable programs as PIE.
>
> What do you think about that? Any known issues with -pie linker flag?
>
> Index: configure
> ===================================================================
> --- configure   (revision 20476)
> +++ configure   (working copy)
> @@ -2103,6 +2103,7 @@
>      add_cppflags -DPIC
>      add_cflags   -fPIC
>      add_asflags  -fPIC
> +    add_ldflags  -pie
>  }
>
>  enabled pic && enable_pic

That is wrong.  Let's read the gcc manual for a bit:

`-fpic'
`-fPIC'
     Generate position-independent code (PIC) suitable for use in a
     shared library, if supported for the target machine.  Such code
     accesses all constant addresses through a global offset table
     (GOT). [...]

`-fpie'
`-fPIE'
     These options are similar to `-fpic' and `-fPIC', but generated
     position independent code can be only linked into executables.
     Usually these options are used when `-pie' GCC option will be used
     during linking.

`-pie'
     Produce a position independent executable on targets which support
     it.  For predictable results, you must also specify the same set
     of options that were used to generate code (`-fpie', `-fPIE', or
     model suboptions) when you specify this option.

Can -pie be used with -fPIC-compiled code?  After reading the above,
I'm not entirely certain.

-- 
M?ns Rullg?rd
mans at mansr.com



More information about the ffmpeg-devel mailing list