Disable data page (heap) execution when running on Mac OS X 10.7 ("Lion").
BUG=91990
TEST=otool -h Whatever.app/Contents/MacOS/Whatever should show the 0x1000000
bit set in the |flags| column
Review URL: http://codereview.chromium.org/7608027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@96288 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/build/common.gypi b/build/common.gypi
index 60d9dcc..5229980d 100644
--- a/build/common.gypi
+++ b/build/common.gypi
@@ -1666,6 +1666,23 @@
['_mac_bundle', {
'xcode_settings': {'OTHER_LDFLAGS': ['-Wl,-ObjC']},
}],
+ ['_type=="executable"', {
+ 'postbuilds': [
+ {
+ # Arranges for data (heap) pages to be protected against
+ # code execution when running on Mac OS X 10.7 ("Lion").
+ 'variables': {
+ # Define make_heap_non_executable in a variable ending in
+ # _path so that gyp understands it's a path and performs
+ # proper relativization during dict merging.
+ 'make_heap_non_executable_path':
+ 'mac/make_heap_non_executable_from_xcode.sh',
+ },
+ 'postbuild_name': 'Make Heap Non-Executable',
+ 'action': ['<(make_heap_non_executable_path)'],
+ },
+ ],
+ }],
['_type=="executable" and release_valgrind_build==0', {
# Turn on position-independence (ASLR) for executables. When PIE
# is on for the Chrome executables, the framework will also be
