mac: Use -fstack-protector-strong instead of -fstack-protector-all.

This should reduce binary size quite a bit, without less security.
We currently use different -fstack-protector flags on different platforms,
and I think -fstack-protector-strong is where we eventually want all platforms
to be.  Chrome OS has been using that flag for a long time already.  Linux
will use it eventually (see bug linked to in the comment I'm adding here.)
clang-cl is very likely going to hook up /GS to -fstack-protector-strong.

BUG=none

Review-Url: https://codereview.chromium.org/2029633002
Cr-Original-Commit-Position: refs/heads/master@{#397174}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 53b9133ec5956418541ae10e40547558ae70b387

common.gypi

@@ -3375,7 +3375,7 @@
           ['release_valgrind_build==0', {
             'xcode_settings': {
               'OTHER_CFLAGS': [
-                '-fstack-protector-all',  # Implies -fstack-protector
+                '-fstack-protector-strong',  # Implies -fstack-protector
               ],
             },
           }],
@@ -3593,7 +3593,7 @@
       # and we want to avoid overriding this, so stack-protector is only
       # enabled when not building on Chrome OS.
       # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc
-      # supports it.
+      # supports it.  See also https://crbug.com/533294
       'target_defaults': {
         'cflags': [
           '-fstack-protector',

config/compiler/BUILD.gn

@@ -191,9 +191,10 @@ config("compiler") {
 
     # Stack protection.
     if (is_mac) {
-      cflags += [ "-fstack-protector-all" ]
+      cflags += [ "-fstack-protector-strong" ]
     } else if (is_posix && !is_chromeos && !is_nacl) {
       # TODO(phajdan.jr): Use -fstack-protector-strong when our gcc supports it.
+      # See also https://crbug.com/533294
       cflags += [ "--param=ssp-buffer-size=4" ]
 
       # The x86 toolchain currently has problems with stack-protector.