From 882f5dc814ca1fd5513c19c2db03a529c59faf15 Mon Sep 17 00:00:00 2001
From: Rich Chiodo false <rchiodo@microsoft.com>
Date: Tue, 4 Mar 2025 14:13:39 -0800
Subject: [PATCH 1/3] Add controlflow guard to linux, mac, and pyd files

---
 .../pydevd_attach_to_process/linux_and_mac/compile_linux.sh     | 2 +-
 .../pydevd_attach_to_process/linux_and_mac/compile_mac.sh       | 2 +-
 src/debugpy/_vendored/pydevd/setup.py                           | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_linux.sh b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_linux.sh
index 6df8c1fbe..1ebca3c70 100755
--- a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_linux.sh
+++ b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_linux.sh
@@ -8,4 +8,4 @@ case $ARCH in
 esac
 
 SRC="$(dirname "$0")/.."
-g++ -std=c++11 -shared -fPIC -nostartfiles $SRC/linux_and_mac/attach.cpp -o $SRC/attach_linux_$SUFFIX.so
+g++ -std=c++11 -shared -fPIC -D_FORTIFY_SOURCE=2 -nostartfiles $SRC/linux_and_mac/attach.cpp -o $SRC/attach_linux_$SUFFIX.so
diff --git a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_mac.sh b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_mac.sh
index b1930bb4f..34a65b755 100755
--- a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_mac.sh
+++ b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_mac.sh
@@ -1,4 +1,4 @@
 set -e
 SRC="$(dirname "$0")/.."
-g++ -fPIC -D_REENTRANT -std=c++11 -arch x86_64 -c $SRC/linux_and_mac/attach.cpp -o $SRC/attach_x86_64.o
+g++ -fPIC -D_REENTRANT -std=c++11 -D_FORTIFY_SOURCE=2 -arch x86_64 -c $SRC/linux_and_mac/attach.cpp -o $SRC/attach_x86_64.o
 g++ -dynamiclib -nostartfiles -arch x86_64 -lc $SRC/attach_x86_64.o -o $SRC/attach_x86_64.dylib
diff --git a/src/debugpy/_vendored/pydevd/setup.py b/src/debugpy/_vendored/pydevd/setup.py
index f4ab050b2..456a69b6a 100644
--- a/src/debugpy/_vendored/pydevd/setup.py
+++ b/src/debugpy/_vendored/pydevd/setup.py
@@ -170,6 +170,8 @@ def make_rel(p):
         # uncomment to generate pdbs for visual studio.
         # extra_compile_args=["-Zi", "/Od"]
         # extra_link_args=["-debug"]
+        extra_compile_args = ["/guard:cf"]
+        extra_link_args = ["/guard:cf", "/DYNAMICBASE"]
 
     kwargs = {}
     if extra_link_args:

From e17ee1711ebe82523c28e8c7728338476548563d Mon Sep 17 00:00:00 2001
From: rchiodo <rchiodo@microsoft.com>
Date: Tue, 4 Mar 2025 22:27:55 +0000
Subject: [PATCH 2/3] Fix manylinux too

---
 .../linux_and_mac/compile_manylinux.cmd                       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_manylinux.cmd b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_manylinux.cmd
index e55f0bf42..59375bf89 100755
--- a/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_manylinux.cmd
+++ b/src/debugpy/_vendored/pydevd/pydevd_attach_to_process/linux_and_mac/compile_manylinux.cmd
@@ -5,6 +5,6 @@
 ::   [wsl2]
 ::   kernelCommandLine = vsyscall=emulate
 
-docker run --rm -v %~dp0/..:/src quay.io/pypa/manylinux1_x86_64 g++ -std=c++11 -shared -o /src/attach_linux_amd64.so -fPIC -nostartfiles /src/linux_and_mac/attach.cpp
+docker run --rm -v %~dp0/..:/src quay.io/pypa/manylinux1_x86_64 g++ -std=c++11 -D_FORTIFY_SOURCE=2 -shared -o /src/attach_linux_amd64.so -fPIC -nostartfiles /src/linux_and_mac/attach.cpp
 
-docker run --rm -v %~dp0/..:/src quay.io/pypa/manylinux1_i686 g++ -std=c++11 -shared -o /src/attach_linux_x86.so -fPIC -nostartfiles /src/linux_and_mac/attach.cpp
+docker run --rm -v %~dp0/..:/src quay.io/pypa/manylinux1_i686 g++ -std=c++11 -D_FORTIFY_SOURCE=2 -shared -o /src/attach_linux_x86.so -fPIC -nostartfiles /src/linux_and_mac/attach.cpp

From 54f0f15c8d5024e3c5a8d9072c535fc9cd27d84c Mon Sep 17 00:00:00 2001
From: Rich Chiodo false <rchiodo@microsoft.com>
Date: Tue, 4 Mar 2025 15:10:50 -0800
Subject: [PATCH 3/3] Fix pydevd bits too

---
 src/debugpy/_vendored/pydevd/setup_pydevd_cython.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
index 01b2e6cce..14f73f4f8 100644
--- a/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
+++ b/src/debugpy/_vendored/pydevd/setup_pydevd_cython.py
@@ -207,6 +207,8 @@ def build_extension(dir_name, extension_name, target_pydevd_name, force_cython,
             # uncomment to generate pdbs for visual studio.
             # extra_compile_args=["-Zi", "/Od"]
             # extra_link_args=["-debug"]
+            extra_compile_args = ["/guard:cf"]
+            extra_link_args = ["/guard:cf", "/DYNAMICBASE"]
             if IS_PY311_ONWARDS:
                 # On py311 we need to add the CPython include folder to the include path.
                 extra_compile_args.append("-I%s\\include\\CPython" % sys.exec_prefix)