From 74367093c803f1962550f7cb59d1efcc80295fec Mon Sep 17 00:00:00 2001
From: Maksim Shabunin <maksim.shabunin@gmail.com>
Date: Wed, 24 Jan 2018 17:17:36 +0300
Subject: [PATCH] VS with hardening: added guard flag, moved dynamicbase and
 safeseh to linker flags

---
 cmake/OpenCVCompilerDefenses.cmake | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/cmake/OpenCVCompilerDefenses.cmake b/cmake/OpenCVCompilerDefenses.cmake
index 7d1ba0b..f72f941 100644
--- a/cmake/OpenCVCompilerDefenses.cmake
+++ b/cmake/OpenCVCompilerDefenses.cmake
@@ -37,9 +37,13 @@ endmacro()
 
 if(MSVC)
   ocv_add_defense_compiler_flag("/GS")
-  ocv_add_defense_compiler_flag("/DynamicBase")
-  ocv_add_defense_compiler_flag("/SafeSEH")
   ocv_add_defense_compiler_flag("/sdl")
+  ocv_add_defense_compiler_flag("/guard:cf")
+  ocv_add_defense_compiler_flag("/w34018 /w34146 /w34244 /w34267 /w34302 /w34308 /w34509 /w34532 /w34533 /w34700 /w34789 /w34995 /w34996")
+  set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} /guard:cf /dynamicbase" )
+  if(NOT X86_64)
+    set(OPENCV_LINKER_DEFENSES_FLAGS_COMMON "${OPENCV_LINKER_DEFENSES_FLAGS_COMMON} /safeseh")
+  endif()
 elseif(CMAKE_COMPILER_IS_GNUCXX)
   if(CMAKE_CXX_COMPILER_VERSION VERSION_LESS "4.9")
     ocv_add_defense_compiler_flag("-fstack-protector")
@@ -67,10 +71,10 @@ else()
 endif()
 
 set(CMAKE_POSITION_INDEPENDENT_CODE TRUE)
-if(NOT CMAKE_CXX_FLAGS MATCHES "-fPIC")
-  ocv_add_defense_compiler_flag("-fPIC")
-endif()
 if(CMAKE_COMPILER_IS_GNUCXX)
+    if(NOT CMAKE_CXX_FLAGS MATCHES "-fPIC")
+      ocv_add_defense_compiler_flag("-fPIC")
+    endif()
   set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fPIE -pie")
 endif()
 
-- 
2.7.4