[cfe-dev] Status of stack-protector

Jean-Daniel Dupas devlists at shadowlab.org
Fri Jan 8 06:54:26 PST 2010


While I was playing with stack protector option, I found a problem.

In my test program (x86_64), the call to stack_chk_fail is generated after the 'ret' instruction and so is never reached (I'm not an x86 assembly expert, so correct me if I'm wrong on this point)

0000000100000ea4	movq	0xd8(%rbp),%rax
0000000100000ea8	movq	(%rax),%rax
0000000100000eab	movq	0xf8(%rbp),%rcx
0000000100000eaf	cmpq	%rcx,%rax
0000000100000eb2	jne	0x00000eba
0000000100000eb4	addq	$0x40,%rsp
0000000100000eb8	popq	%rbp
0000000100000eb9	ret
0000000100000eba	callq	0x00000ec0

The same problem occurs on x86 too. I didn't try other arch.

Is this a known issue ? 

This is my test file compiled using 

clang -fstack-protector-all -o stack stack.c

------------- stack.c --------------

#include <libc.h>

void test(const char *msg) {
  char buffer[8];
  bcopy(msg, buffer, strlen(msg) + 1);
  fprintf(stderr, "%s\n", buffer);

int main(int argc, const char **argv) {
  test("Hello World !");
  return 0;


When compiled with gcc, the execution is properly aborted at the end of the test function, but not when compiled with clang.

-- Jean-Daniel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20100108/b8445fd1/attachment.html>

More information about the cfe-dev mailing list