[BUG] libSkiaSharp.dll does not enable the control flow guard (CFG) #3218

Open
@bcarthic

Description

As per the rule BA2008, control flow guard needs to be enabled.

Rule Id: BA2008
Rule Name: EnableControlFlowGuard
Rule Description: Binaries should enable the compiler control guard feature (CFG) at build time to prevent attackers from redirecting execution to unexpected, unsafe locations. CFG analyzes and discovers all indirect-call instructions at compilation and link time. It also injects a check that precedes every indirect call in code that ensures the target is an expected, safe location. If that check fails at runtime, the operating system will close the program.

Suggestion by Binskim

To resolve this issue, pass /guard:cf on both the compiler and linker command lines. Binaries also require the /DYNAMICBASE linker option in order to enable CFG.
For VC projects use ItemDefinitionGroup - ClCompile - ControlFlowGuard property with 'Guard' value, link CFG property will be set automatically.

Code

The best way to share code for larger projects is a link to a GitHub repository: https://github.com/user/repo/tree/bug-123

But, you can also share a short block of code here:

// some C# code here

You can also share some XAML:

<!-- xaml code here -->

Expected Behavior

CFG needs to be enabled

Actual Behavior

No response

Version of SkiaSharp

3.116.0 (Current)

Last Known Good Version of SkiaSharp

2.88.9 (Previous)

IDE / Editor

Visual Studio (Windows)

Platform / Operating System

Windows

Platform / Operating System Version

No response

Devices

No response

Relevant Screenshots

No response

Relevant Log Output

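One way to check a built binary for the two linker settings the BinSkim suggestion names (/guard:cf and /DYNAMICBASE), as an added example that is not part of the original issue, SkiaSharp, or BinSkim: it reads the DllCharacteristics flags from the PE optional header. It inspects header flags only, not the load configuration directory, and `constructed_image` is a hypothetical helper that builds a minimal header for demonstration.

```python
import struct
import sys
from pathlib import Path

# DllCharacteristics bits from the Microsoft PE format specification.
DYNAMIC_BASE = 0x0040  # set by the linker option /DYNAMICBASE
GUARD_CF = 0x4000      # set by the linker option /guard:cf


def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics word from a PE image's optional header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF file header
    if len(image) < opt_off + 72:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError(f"unexpected optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    return flags


def cfg_status(image: bytes) -> dict:
    """Report the two flags the suggestion requires and whether both are set."""
    flags = dll_characteristics(image)
    dynamic_base = bool(flags & DYNAMIC_BASE)
    guard_cf = bool(flags & GUARD_CF)
    return {"dynamic_base": dynamic_base, "guard_cf": guard_cf,
            "cfg_enabled": dynamic_base and guard_cf}


def constructed_image(flags: int, magic: int = 0x20B) -> bytes:
    """Build a minimal constructed PE header (not a real DLL) with given flags."""
    image = bytearray(0x200)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x80)
    image[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", image, 0x80 + 24, magic)
    struct.pack_into("<H", image, 0x80 + 24 + 70, flags)
    return bytes(image)


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use a constructed header.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else constructed_image(0x0160)
    print(cfg_status(data))
```

Run it with the path to the built DLL as the only argument to inspect a real binary.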