Change the heuristics of -fstack-protector to select to protect

additional functions --- those that have local array definitions,
or have references to local frame addresses.

Note that upstream uses -fstack-protector-strong and misleads people:
-fstack-protector, -fstack-protector-all, -fstack-protector-strong
can you tell which one is safe?

Luckily, OpenBSD has its own compiler and is able to do the right
thing for security:  this is enabled by default, and called
-fstack-protector.

OK deraadt@, miod@.  Tested for 3 months.

2 files changed, 2 insertions, 2 deletions

diff --git a/gnu/gcc/gcc/common.opt b/gnu/gcc/gcc/common.opt
index de1ae3c59a4..c309c43249f 100644
--- a/gnu/gcc/gcc/common.opt
+++ b/gnu/gcc/gcc/common.opt
@@ -863,7 +863,7 @@ Common RejectNegative Joined
 -fstack-limit-symbol=<name>	Trap if the stack goes past symbol <name>
 
 fstack-protector
-Common Report Var(flag_stack_protect, 1) Init(-1)
+Common Report Var(flag_stack_protect, 3) Init(-1)
 Use propolice as a stack protection method
 
 fstack-protector-all
diff --git a/gnu/gcc/gcc/toplev.c b/gnu/gcc/gcc/toplev.c
index 5d438e0de27..ae2185c0b18 100644
--- a/gnu/gcc/gcc/toplev.c
+++ b/gnu/gcc/gcc/toplev.c
@@ -1834,7 +1834,7 @@ process_options (void)
   /* Targets must be able to place spill slots at lower addresses.  If the
      target already uses a soft frame pointer, the transition is trivial.  */
   if (flag_stack_protect == -1)
-    flag_stack_protect = FRAME_GROWS_DOWNWARD ? 1 : 0;
+    flag_stack_protect = FRAME_GROWS_DOWNWARD ? 3 : 0;
   if (!FRAME_GROWS_DOWNWARD && flag_stack_protect)
     {
       warning (0, "-fstack-protector not supported for this target");