Because of CVE-2018-6574, some compiler options and linker options ar…

…e restricted to prevent arbitrary code execution. golang/go#23672 By this change, building a Go code with LLVM Go bindings causes a compilation error as follows. go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names llvm-go tool generates cgo LDFLAGS directive from `llvm-config --ldflags` and it contains -Wl,option options. But -Wl,option is banned by default. To avoid this problem, we need to set $CGO_LDFLAGS_ALLOW environment variable to notify a compiler that the flags should be allowed. $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)' By default for go 1.10 and go 1.9.5 these options should appear in the accepted set of options, however, if you're running into the error it's useful to have this documented. Patch by Ryuichi Hayashida git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@325946 91177308-0d34-0410-b5e6-96231b3b80d8
earl · Feb 23, 2018 · 466d8f9 · 466d8f9
1 parent c19ba63
commit 466d8f9
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/bindings/go/README.txt b/bindings/go/README.txt
@@ -51,3 +51,11 @@ CGO_CPPFLAGS, CGO_CXXFLAGS and CGO_LDFLAGS environment variables:
     $ export CGO_CXXFLAGS=-std=c++11
     $ export CGO_LDFLAGS="`/path/to/llvm-build/bin/llvm-config --ldflags --libs --system-libs all`"
     $ go build -tags byollvm
+
+If you see a compilation error while compiling your code with Go 1.9.4 or later as follows,
+
+    go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names
+
+you need to setup $CGO_LDFLAGS_ALLOW to allow a compiler to specify some linker options:
+
+    $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'