Control Flow Guard is a security feature that can help stop exploits. It
is primarily needed on our official builds. On the debug and component
builds where Chromium is primarily developed it just adds a bit of
extra size to the object files.

This was fine until it triggered a spurious link error in component
builds when symbol_level=2 was selected. This wasn't caught by the bots
because most (all?) of them build with symbol_level=1, or non-component.

This turns off CFG for debug and component builds, thus getting those
builds working again for developers.

Bug: 1019970
Change-Id: I7a56af177452e62a5f3ad1daa608970cb9518d4f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1891991
Reviewed-by: Bruce Dawson <brucedawson@chromium.org>
Reviewed-by: Takuto Ikuta <tikuta@chromium.org>
Auto-Submit: Bruce Dawson <brucedawson@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#711083}
Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
Cr-Mirrored-Commit: 85f2f96018d91d6b2a36313aea758b8271685fb5
Bruce Dawson 2019-10-31 01:37:43 +00:00 committed by Commit Bot
Parent 650119aaa8
Commit f827aae95e
1 changed file: 5 additions and 1 deletion


@ -89,7 +89,11 @@ config("compiler") {
# don't emit the CFG checks themselves, but this enables the functions to
# be called by code that is built with those checks enabled, such as system
# libraries.
cflags += [ "/guard:cf,nochecks" ]
if (!is_debug && !is_component_build) {
# CFG isn't needed on debug or component builds, adds a bit of bloat to
# .obj files, and caused link errors once - https://crbug.com/1019970
cflags += [ "/guard:cf,nochecks" ]
}
if (is_component_build) {
cflags += [
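Review bot: The comment kept above the new `if (!is_debug && !is_component_build)` block still says the flag "enables the functions to be called by code that is built with those checks enabled, such as system libraries", while the new comment inside the block says CFG "isn't needed on debug or component builds"; read together they contradict each other. Suggest moving the explanatory comment inside the condition, or adding a sentence on why debug and component binaries can go without `/guard:cf,nochecks` when they are still called from system libraries. The condition is also wider than the failure described in the commit message (component builds with symbol_level=2), since it drops the flag for every debug build as well; the in-code comment should say that this is intentional and done for the .obj size reason, so a later reader does not narrow or widen it by accident.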