Fortified system functions

Updated: April 19, 2023

QNX Neutrino RTOS fortified system functions are designed to detect out-of-bounds memory accesses by performing lightweight parameter validation at compile-time, runtime, or both.

If a component does not currently use fortified system functions, you need to recompile it to make use of this feature.

The following example makefile excerpt illustrates how to enable the use of fortified system functions for all modules of a project via the CPPFLAGS variable:

CPPFLAGS += -D_FORTIFY_SOURCE=2 

Alternatively, you can enable the use of fortified system functions by setting a shell environment variable before the make utility is invoked. For a QNX recursive makefile project, you can use CCOPTS (CXXOPTS for component written in C++). For example:

CCOPTS="-D_FORTIFY_SOURCE=2" make 

For projects that don't use QNX recursive makefiles, see the project's documentation to determine the correct variable or variables to use to specify the -D_FORTIFY_SOURCE=2 option and, if necessary, a compatible compiler optimization setting.

You can also specify the -frecord-gcc-switches compiler option to provide a means of verifying after the fact whether an executable or library was built to use fortified system functions. For more information, see Fortified system functions in “Security features for system integrators”.

For more information, including how to enable fortified system functions for specific source files and diagnostic messages related to the feature, see the Fortified System Functions chapter.