[PATCH] D85239: [DOCS] Add more detail to stack protector documentation
Peter Smith via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Aug 5 04:57:49 PDT 2020
psmith marked an inline comment as done.
psmith added inline comments.
================
Comment at: clang/docs/ClangCommandLineReference.rst:2139
-Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable
+Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable. A function with a stack protector has a guard value added to the stack frame that is checked on function exit. The guard value must be positioned in the stack frame such that a buffer overflow from a vulnerable variable will overwrite to the guard value before overwriting the function's return address. The reference stack guard value is stored in a global variable.
----------------
probinson wrote:
> "overwrite to the guard variable" -> "overwrite the guard variable"
Thanks, now updated
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D85239/new/
https://reviews.llvm.org/D85239
More information about the cfe-commits
mailing list