<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href="https://github.com/llvm/llvm-project/issues/66709">66709</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
Clang ssp-buffer-size misinterprets some IR-level padding as arrays
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
davidben
</td>
</tr>
</table>
<pre>
`-fstack-protector` inserts stack canaries into functions that have sufficiently large character buffers on the stack. I guess the idea is if the programmer (not the compiler) puts a character array somewhere, they are at risk of overflowing it, so it is worth adding a stack protector to the function.
However, Clang sometimes lowers structs to IR types that contain explicit padding in the form of arrays. The SSP implementation seems to look at IR types, not C types. It then misreads this padding as an array at risk of overflowing. The default threshold of 8 is large enough that this rarely happens, but if one passes `--param=ssp-buffer-size=4` to the compiler, it becomes more uncommon.
See godbolt links below:
https://godbolt.org/z/6nM453Kdh
https://godbolt.org/z/cvo1sh87s
Instead, it should only be looking at the C types. In so far as we believe large character stack buffers are more at risk of overflow, that heuristic should only apply to arrays from the programmer and not from the compiler.
(Aside: Not directly relevant to this bug, but this seems to be the cause of at least some of the binary size regression that Chrome sees when switching from Abseil's `absl::optional` to libc++'s `std::optional`. Abseil uses `bool; T` while libc++ uses `T; bool`. The ordering change tickles this bug and so we burn binary size by adding more stack protectors!)
</pre>
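The mechanism the report describes, as an added Python model (not LLVM's code and not the reporter's) of the `-fstack-protector` heuristic applied to IR types. It assumes the heuristic treats an `i8` array of at least `ssp-buffer-size` elements, or a struct containing one, as protectable, and that clang lowers the `bool; T` and `T; bool` orders to the two constructed struct types below, with tail padding emitted as an explicit `[N x i8]` array:

```python
import re

# Constructed IR struct types modelled on the two field orders from the
# report (assumption: interior alignment padding stays implicit, while
# tail padding is emitted as an explicit i8 array).
BOOL_THEN_T = "{ i8, i64 }"             # Abseil-style: bool; T
T_THEN_BOOL = "{ i64, i8, [7 x i8] }"   # libc++-style: T; bool


def _tokenize(ir_type):
    return re.findall(r"\[|\]|\{|\}|,|[^\s\[\]{},]+", ir_type)


def parse_type(ir_type):
    """Parse a flat subset of LLVM type syntax: scalars, [N x T], { ... }."""
    toks = _tokenize(ir_type)
    pos = 0

    def parse():
        nonlocal pos
        tok = toks[pos]
        pos += 1
        if tok == "{":
            members = []
            while toks[pos] != "}":
                if toks[pos] == ",":
                    pos += 1
                    continue
                members.append(parse())
            pos += 1
            return ("struct", members)
        if tok == "[":
            count = int(toks[pos])
            pos += 2                      # skip the count and the 'x'
            elem = parse()
            pos += 1                      # skip the closing ']'
            return ("array", count, elem)
        return ("scalar", tok)

    return parse()


def contains_protectable_array(ty, ssp_buffer_size):
    """Model of the heuristic: a char array >= threshold, found anywhere in
    the type, makes the alloca protectable. Padding arrays count too, which
    is the misinterpretation the report is about."""
    if ty[0] == "array":
        _, count, elem = ty
        if elem == ("scalar", "i8") and count >= ssp_buffer_size:
            return True
        return contains_protectable_array(elem, ssp_buffer_size)
    if ty[0] == "struct":
        return any(contains_protectable_array(m, ssp_buffer_size) for m in ty[1])
    return False


def needs_protector(ir_type, ssp_buffer_size=8):
    return contains_protectable_array(parse_type(ir_type), ssp_buffer_size)
```

At the default threshold of 8 neither layout trips the model, while at `ssp-buffer-size=4` only the `T; bool` layout does, purely because of its padding array.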