Moar options!

[kees]

-D_FORTIFY_SOURCE=3 exists now.

-ftrivial-auto-var-init=zero is in GCC 12+ and Clang.

-fsanitize=bounds -fsanitize-undefined-trap-on-error for trivial checking of known-size arrays.

-fstrict-flex-arrays will be in GCC 13+ and Clang 16+, but likely requires some very careful management of some header files, especially anything using the very ancient struct sockaddr. But it'll gain coverage of trailing arrays that would otherwise be ignored by FORTIFY and sanitize=bounds.

[trou]

I updated the page for GCC 12, I still have to cover the modern versions of clang