DC++

gcc linker error: undefined reference to `__security_cookie' when building with gcc 8.5.0 based MinGW-w64 release

Bug #2028276 reported by eMTee on 2023-07-20

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	DC++	Fix Committed	Undecided	Unassigned

Bug Description

Trying to build DC++ with https://github.com/niXman/mingw-builds-binaries/releases/tag/8.5.0-rt_v10-rev0 , win32, seh.

Got multiple " undefined reference to `__security_cookie'" errors when linking the HTMLHelp lib. This is a new issue, does not happen with a gcc 8.1 based compiler.

https://stackoverflow.com/questions/21627607/gcc-linker-error-undefined-reference-to-security-cookie probably tells the cause (link to MS docs is broken, originally <https://web.archive.org/web/20070121194753/http://support.microsoft.com/?id=894573>)

It says you either need to link bufferoverflowU.lib or build without the /GS switch.

<https://stackoverflow.com/questions/57361083/gcc-equivalent-of-gs-gl-gy-oi-md-in-msvc> says "/GS is roughly equivalent to -fstack-protector-strong -fstack-clash-protection -D_FORTIFY_SOURCE=2. It also requires optimization (e.g., -O2 or -O3)" yet the error still happens even when building debug in which case all optimizations should be disabled.

eMTee (realprogger) on 2023-07-20

summary:

gcc linker error: undefined reference to `__security_cookie' when
- building with gcc 8.5.0 basedMinGW-w64 release
+ building with gcc 8.5.0 based MinGW-w64 release

Revision history for this message

eMTee (realprogger) wrote on 2023-07-21:

[09:24:34] <eMTee> https://sourceforge.net/p/mingw-w64/mailman/message/36804945/ "* __FORTIFY_SOURCE support "
[09:40:16] <eMTee> https://github.com/StephanTLavavej/mingw-distro/issues/71 , https://github.com/msys2/MINGW-packages/issues/5803
[11:39:11] <eMTee> meh, it's not because of these. I tried '-fstack-check=no', '-fno-stack-check', '-fno-stack-protector', '-fno-stack-clash-protection', '-D_FORTIFY_SOURCE=0' , still errors

[14:16:20] <eMTee> managed to compile it by adding 'BufferOverflowU' lib from the SDK. Altough some fix it by using dummy defines like https://github.com/kfrlib/fft-benchmark/blob/master/mingw_fix.h
I tried

extern "C" {
int __security_cookie;
}

with no luck, not sure if I added it to the proper place though.

[14:17:37] <eMTee> I still want to know what option to disable or what was enabled vs. the old 8.1 build we've been using but I'm at a loss how to find it out what it is.
[14:18:39] <eMTee> Nevertheless these checks should make the app more safe, not sure to what extent though since it's a 20 year old technology/practice.

Will try a similar winlibs built compiler which reportedly don't exhibit this issue with its defaults.

Revision history for this message

eMTee (realprogger) wrote on 2023-07-24:

[2023-07-23 10:12] <eMTee> So a gcc 11.2 based official MinGW-w64 compiler gives the same linker errors for HTMLHelp.
[2023-07-23 10:35] <eMTee> And so does winlibs-x86_64-posix-seh-gcc-10.3.0-mingw-w64-9.0.0-r2.7z...
[2023-07-23 12:30] <eMTee> winlibs-x86_64-posix-seh-gcc-9.3.1-snapshot20210402-mingw-w64-8.0.0-r1.7z also does it whereas winlibs-x86_64-posix-seh-gcc-9.3.0-llvm-10.0.0-mingw-w64-7.0.0-r4.7z doesn't so apparently it happens on MinGW-W64 crt V8.0+ regardless the compiler version.
[2023-07-23 12:33] <eMTee> Since I can't find any obvious changelog item or control option of what causes it I guess it is best to detect and link this additional lib from now.

Revision history for this message

eMTee (realprogger) wrote on 2023-09-04:

Nvm, we already have the proper declaration for __security_cookie it just wasn't enabled when compiling with MinGW-w64 for some reason. Now it is enabled for MinGW-w64 CRT 8.0.0 and above.

Changed in dcplusplus:
status:	New → Fix Committed

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.