Use Windows security mitigation features: ASLR, DEP

Bug: https://issuetracker.google.com/36952278
Bug: http://b/113171785

From
https://android-review.googlesource.com/c/platform/system/core/+/737292:

The --dynamicbase linker flag enables use of Address Space Layout
Randomization (ASLR) on Windows Vista and newer. It causes the code
segment / module to be loaded at unpredictable addresses to make
exploits harder to construct.

The --nxcompat linker flag enables use of Data Execution Protection
(DEP) on Windows XP SP2 and newer. It causes the process to be killed if
the process tries to execute code on memory pages not marked executable.
This makes exploits harder to construct because the stack is then not
executable, other data pages aren't, etc.

These bits are already set on AdbWinApi.dll and AdbWinUsbApi.dll.

--high-entropy-va provides improved ASLR.

Credit: Spencer Low for doing the initial work at
https://android-review.googlesource.com/c/platform/system/core/+/737292.

Test: Verify that DLLCharacteristics reported by 'objdump -x' is:
      0x140 for 32-bit and 0x160 for 64-bit.  Also verified trivial use
      cases under Wine.

Change-Id: I1b898cd36c7c627916dae9ce7dfd1c27de1e3c59

1 files changed, 3 insertions, 0 deletions

diff --git a/cc/config/x86_windows_host.go b/cc/config/x86_windows_host.go
index 4cb8fa47..9003e858 100644
--- a/cc/config/x86_windows_host.go
+++ b/cc/config/x86_windows_host.go
@@ -62,6 +62,8 @@ var (
 
 	windowsLdflags = []string{
 		"--enable-stdcall-fixup",
+		"-Wl,--dynamicbase",
+		"-Wl,--nxcompat",
 	}
 	windowsClangLdflags  = append(ClangFilterUnknownCflags(windowsLdflags), []string{}...)
 	windowsClangLldflags = ClangFilterUnknownLldflags(windowsClangLdflags)
@@ -96,6 +98,7 @@ var (
 		"-m64",
 		"-L${WindowsGccRoot}/${WindowsGccTriple}/lib64",
 		"-static-libgcc",
+		"-Wl,--high-entropy-va",
 	}
 	windowsX8664ClangLdflags = append(ClangFilterUnknownCflags(windowsX8664Ldflags), []string{
 		"-B${WindowsGccRoot}/${WindowsGccTriple}/bin",