[cfe-dev] Status of stack-protector

Jean-Daniel Dupas devlists at shadowlab.org
Fri Jan 8 07:11:19 PST 2010


OK, so it works but only if I reduce the stack buffer size a little more. Sorry for the noise.


On 8 Jan 2010, at 16:01, Jean-Daniel Dupas wrote:

> My bad. I just read a little more how the stack guard works, and saw that the position of the call is good. 
> My problem is elsewhere as the behavior is not the same with GCC and clang. I will dig a little deeper to see what the difference is.
> 
> On 8 Jan 2010, at 15:54, Jean-Daniel Dupas wrote:
> 
>> Hello,
>> 
>> While I was playing with the stack protector option, I found a problem.
>> 
>> In my test program (x86_64), the call to stack_chk_fail is generated after the 'ret' instruction and so is never reached (I'm not an x86 assembly expert, so correct me if I'm wrong on this point).
>> 
>> -------------------
>> 0000000100000ea4	movq	0xd8(%rbp),%rax
>> 0000000100000ea8	movq	(%rax),%rax
>> 0000000100000eab	movq	0xf8(%rbp),%rcx
>> 0000000100000eaf	cmpq	%rcx,%rax
>> 0000000100000eb2	jne	0x00000eba
>> 0000000100000eb4	addq	$0x40,%rsp
>> 0000000100000eb8	popq	%rbp
>> 0000000100000eb9	ret
>> 0000000100000eba	callq	0x00000ec0
>> 
>> The same problem occurs on x86 too. I didn't try other arch.
>> 
>> Is this a known issue?
>> 
>> This is my test file compiled using 
>> 
>> clang -fstack-protector-all -o stack stack.c
>> 
>> ------------- stack.c --------------
>> 
>> #include <libc.h>
>> 
>> static
>> void test(const char *msg) {
>>   char buffer[8];
>>   bcopy(msg, buffer, strlen(msg) + 1);
>>   fprintf(stderr, "%s\n", buffer);
>> }
>> 
>> int main(int argc, const char **argv) {
>>   test("Hello World !");
>>   return 0;
>> }
>> 
>> ------------------------
>> 
>> When compiled with gcc, the execution is properly aborted at the end of the test function, but not when compiled with clang.
>> 
>> -- Jean-Daniel
>> 
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
> 
> -- Jean-Daniel

-- Jean-Daniel
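
As an added illustration (not part of the original message, and not clang or GCC code): a small C model of the guard comparison in the listing above, showing that the check only fails when the copy actually reaches the guard word. The `gap` between buffer and guard, the frame size and the guard value are assumptions made for this example; real frame layouts are chosen by the compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   8                      /* buffer[8] from stack.c */
#define FRAME_SIZE 64                     /* size of the modelled frame */
#define GUARD      0x5a17c0de5a17c0deULL  /* constructed guard value */

/*
 * Model: [ buffer | gap bytes of padding/spill slots | guard word ].
 * `gap` is a hypothetical parameter; real layouts are compiler-chosen.
 * Returns 1 if the guard changed (the epilogue check would abort),
 * 0 if it is intact, -1 if the layout does not fit the model.
 */
static int guard_trips(size_t gap, const char *msg) {
    unsigned char frame[FRAME_SIZE] = {0};
    uint64_t guard = GUARD, seen;
    size_t guard_off = BUF_SIZE + gap;
    size_t n = strlen(msg) + 1;           /* same length test() copies */

    if (gap > FRAME_SIZE - BUF_SIZE - sizeof guard)
        return -1;
    memcpy(frame + guard_off, &guard, sizeof guard);   /* prologue */

    if (n > sizeof frame)                 /* keep the model in bounds */
        n = sizeof frame;
    memcpy(frame, msg, n);                /* the unchecked copy, modelled */

    memcpy(&seen, frame + guard_off, sizeof seen);     /* epilogue load */
    return seen != guard;                 /* cmpq + jne in the listing */
}

int main(void) {
    const char *msg = "Hello World !";    /* 14 bytes including the NUL */
    size_t gap;

    for (gap = 0; gap <= 16; gap += 8)
        printf("gap=%2zu guard_changed=%d\n", gap, guard_trips(gap, msg));
    return 0;
}
```

With the 14-byte test string the model reports a changed guard only for `gap=0`; with 8 or more bytes between the buffer and the guard the overflow goes undetected by this check.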



