[PATCH] D85239: [DOCS] Add more detail to stack protector documentation
Peter Smith via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Aug 6 05:59:28 PDT 2020
This revision was automatically updated to reflect the committed changes.
psmith marked an inline comment as done.
Closed by commit rG839d974ee0e4: [DOCS] Add more detail to stack protector documentation (authored by psmith).
Herald added a project: clang.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D85239/new/
https://reviews.llvm.org/D85239
Files:
clang/docs/ClangCommandLineReference.rst
clang/include/clang/Driver/Options.td
Index: clang/include/clang/Driver/Options.td
===================================================================
--- clang/include/clang/Driver/Options.td
+++ clang/include/clang/Driver/Options.td
@@ -1801,10 +1801,15 @@
"as well as any calls to alloca or the taking of an address from a local variable">;
def fstack_protector : Flag<["-"], "fstack-protector">, Group<f_Group>,
HelpText<"Enable stack protectors for some functions vulnerable to stack smashing. "
- "This uses a loose heuristic which considers functions vulnerable "
- "if they contain a char (or 8bit integer) array or constant sized calls to "
- "alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). "
- "All variable sized calls to alloca are considered vulnerable">;
+ "This uses a loose heuristic which considers functions vulnerable if they "
+ "contain a char (or 8bit integer) array or constant sized calls to alloca "
+ ", which are of greater size than ssp-buffer-size (default: 8 bytes). All "
+ "variable sized calls to alloca are considered vulnerable. A function with"
+ "a stack protector has a guard value added to the stack frame that is "
+ "checked on function exit. The guard value must be positioned in the "
+ "stack frame such that a buffer overflow from a vulnerable variable will "
+ "overwrite the guard value before overwriting the function's return "
+ "address. The reference stack guard value is stored in a global variable.">;
def ftrivial_auto_var_init : Joined<["-"], "ftrivial-auto-var-init=">, Group<f_Group>,
Flags<[CC1Option, CoreOption]>, HelpText<"Initialize trivial automatic stack variables: uninitialized (default)"
" | pattern">, Values<"uninitialized,pattern">;
Index: clang/docs/ClangCommandLineReference.rst
===================================================================
--- clang/docs/ClangCommandLineReference.rst
+++ clang/docs/ClangCommandLineReference.rst
@@ -2136,7 +2136,7 @@
.. option:: -fstack-protector, -fno-stack-protector
-Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable
+Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca , which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable. A function witha stack protector has a guard value added to the stack frame that is checked on function exit. The guard value must be positioned in the stack frame such that a buffer overflow from a vulnerable variable will overwrite the guard value before overwriting the function's return address. The reference stack guard value is stored in a global variable.
.. option:: -fstack-protector-all
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D85239.283585.patch
Type: text/x-patch
Size: 3235 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20200806/182c1505/attachment.bin>
More information about the cfe-commits
mailing list