<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Combine SafeStack with StackProtector"
href="https://llvm.org/bugs/show_bug.cgi?id=25570">25570</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Combine SafeStack with StackProtector
</td>
</tr>
<tr>
<th>Product</th>
<td>libraries
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>Miscellaneous Instrumentation passes
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>eugeni.stepanov@gmail.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>StackProtector can catch stack data corruption in the caller's stack frame.
SafeStack can not do this. For ultimate protection, we should combine the two.
It looks like the "safe" (i.e. system) stack does not require a protector
cookie, because all the scary allocations are moved away from it. We could run
the StackProtector pass after SafeStack, and that would add a cookie to the
safe stack if it deems necessary, but as StackProtector implementation is a bit
dumber than SafeStack it would add unnecessary cookies.
Instead SafeStack could be extended to add a cookie to the unsafe stack each
time a function has an unsafe frame. No extra logic required.
We would need to repeat (or factor out) the logic of obtaining a cookie value
found in CreatePrologue in StackProtector.cpp.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>