by akjana » Fri Mar 17, 2017 6:08 pm
I was testing the Cef binaries from 11/27/2016 - CEF 3.2785.1486.g8c4ba9f / Chromium 53.0.2785.116
The static analysis tool only says that the Flag is turned off for libcef.dll
Searching the chromium code base, I found this entry in Skia which turns off the flag.
[ur]https://cs.chromium.org/chromium/src/third_party/skia/gn/BUILD.gn?q=/GS-+package:%5Echromium$&dr=C&l=410[url]
Did not find such an entry in the cef code though on a basic search. Any idea if cef turns off this flag as well ?
And regarding the instance where Skia disables the compiler flag pardon if its an question beyond the scope of discussion for this forum, any thoughts/ideas why its done?
Disabling /Gs flag raises the concern that Buffer Overrun exploits could be possible, where should I pursue a fix for Skia ? Would this be a chromium bug report, I guess not.