From 7faec8e5ebc3fb45009f7a29fe529ca7fa023b46 Mon Sep 17 00:00:00 2001
From: Catalin Fratila <catalinf@microsoft.com>
Date: Fri, 8 Dec 2017 14:31:29 +0100
Subject: [PATCH] Security Improvement: Enable Control Flow Guard on Windows -
 https://docs.microsoft.com/en-us/cpp/build/reference/guard-enable-control-flow-guard

---
 brightray/brightray.gypi | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/brightray/brightray.gypi b/brightray/brightray.gypi
index 46079e09787..13b990077a3 100644
--- a/brightray/brightray.gypi
+++ b/brightray/brightray.gypi
@@ -244,9 +244,16 @@
             # perform FPO regardless, so we must explicitly disable.
             # We still want the false setting above to avoid having
             # "/Oy /Oy-" and warnings about overriding.
-            'AdditionalOptions': ['/Oy-'],
+            'AdditionalOptions': ['/Oy-', '/d2guard4'],
           },
           'VCLinkerTool': {
+            # Control Flow Guard is a security feature in Windows
+            # 8.1 and higher designed to prevent exploitation of
+            # indirect calls in executables.
+            # Control Flow Guard is enabled using the /d2guard4
+            # compiler setting in combination with the /guard:cf
+            # linker setting.
+            'AdditionalOptions': ['/guard:cf'],
             # Turn off incremental linking to save binary size.
             'LinkIncremental': '1',  # /INCREMENTAL:NO
           },