From: Anatol Belski <ab@php.net>
Date: Wed, 17 Jan 2018 13:31:51 +0000 (+0100)
Subject: Add switches for Spectre variant 1 mitigation
X-Git-Tag: php-7.1.15RC1~28
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=043d53c7891e7f9437221acaf0fe0fd09a318b41;p=php

Add switches for Spectre variant 1 mitigation
---

diff --git a/win32/build/confutils.js b/win32/build/confutils.js
index a75546c86c..d8a8e34307 100644
--- a/win32/build/confutils.js
+++ b/win32/build/confutils.js
@@ -3068,6 +3068,19 @@ function toolset_setup_common_cflags()
 			// Set some debug/release specific options
 			ADD_FLAG('CFLAGS', ' /RTC1 ');
 		} else {
+			if (PHP_DEBUG == "no" && PHP_SECURITY_FLAGS == "yes") {
+				/* Mitigations for Spectre variant 1, see
+					https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/ 
+					TODO backport for all supported VS versions when they release it. */
+				if (VCVERS >= 1912) {
+					if (VCVERS >= 1913) {
+						ADD_FLAG('CFLAGS', "/Qspectre");
+					} else {
+						/* Undocumented. */
+						ADD_FLAG('CFLAGS', "/d2guardspecload");
+					}
+				}
+			}
 			if (VCVERS >= 1900) {
 				if (PHP_SECURITY_FLAGS == "yes") {
 					ADD_FLAG('CFLAGS', "/guard:cf");