[cfe-dev] Status of stack-protector
Jean-Daniel Dupas
devlists at shadowlab.org
Fri Jan 8 06:54:26 PST 2010
Hello,
While I was playing with the stack protector option, I found a problem.
In my test program (x86_64), the call to stack_chk_fail is generated after the 'ret' instruction and so is never reached (I'm not an x86 assembly expert, so correct me if I'm wrong on this point).
-------------------
0000000100000ea4 movq 0xd8(%rbp),%rax
0000000100000ea8 movq (%rax),%rax
0000000100000eab movq 0xf8(%rbp),%rcx
0000000100000eaf cmpq %rcx,%rax
0000000100000eb2 jne 0x00000eba
0000000100000eb4 addq $0x40,%rsp
0000000100000eb8 popq %rbp
0000000100000eb9 ret
0000000100000eba callq 0x00000ec0
The same problem occurs on x86 too. I didn't try other architectures.
Is this a known issue?
This is my test file, compiled using
clang -fstack-protector-all -o stack stack.c
------------- stack.c --------------
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* bcopy */

/* Deliberately copies strlen(msg) + 1 bytes (14 for "Hello World !") into an
 * 8-byte buffer so the stack protector's canary check should fire. */
static void test(const char *msg) {
    char buffer[8];
    bcopy(msg, buffer, strlen(msg) + 1);
    fprintf(stderr, "%s\n", buffer);
}

int main(int argc, const char **argv) {
    (void)argc;
    (void)argv;
    test("Hello World !");
    return 0;
}
------------------------
When compiled with gcc, the execution is properly aborted at the end of the test function, but not when compiled with clang.
-- Jean-Daniel
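As an added illustration, not code from Jean-Daniel's post: a C model of the canary check that -fstack-protector wraps around test(), so the cmpq/jne control flow in the disassembly above can be followed without a compiler at hand. The frame layout (8-byte buffer directly below the canary slot) is modelled as a struct so the overrun stays inside one object, and guard_value is a made-up constant standing in for the per-process canary the real prologue loads from thread-local storage.

```c
/* Added example, not from the original post: models the stack-protector
 * prologue/epilogue around test() from stack.c. Layout and guard value
 * are assumptions chosen for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout: the 8-byte buffer sits directly below the
 * canary slot. A struct keeps the overrun inside one object, so the
 * program stays well-defined while showing what the check sees. */
struct frame {
    char buffer[8];
    uintptr_t canary;
};

/* Constructed stand-in for the per-process canary (the value the real
 * prologue reads through the first two movq instructions above). */
static const uintptr_t guard_value = 0x5a3c9e1f7b2d4680ULL;

/* Prologue model: store the guard into the frame's canary slot. */
static void prologue(struct frame *f) {
    memset(f->buffer, 0, sizeof f->buffer);
    f->canary = guard_value;
}

/* Epilogue model (cmpq/jne): 1 means the check falls through to ret,
 * 0 means it would branch to __stack_chk_fail. */
static int epilogue_check(const struct frame *f) {
    return f->canary == guard_value;
}

/* Same copy as test() in stack.c, but into the modelled frame.
 * Returns 1 if the canary survives the copy, 0 if the check would fail. */
int run_test(const char *msg) {
    struct frame f;
    size_t len = strlen(msg) + 1;
    prologue(&f);
    /* Write what bcopy(msg, buffer, strlen(msg)+1) would write, capped at
     * the frame so the model never writes past the canary slot itself. */
    if (len > sizeof f) len = sizeof f;
    memcpy((unsigned char *)&f, msg, len);
    if (!epilogue_check(&f)) {
        fprintf(stderr, "canary clobbered by %zu-byte copy: __stack_chk_fail would run\n", len);
        return 0;
    }
    return 1;
}
```

With "Hello World !" the 14-byte copy spills six bytes into the canary slot, so the check fails exactly as the author expects gcc's output to abort.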