[cfe-dev] What do the different stack-protector levels protect in Clang?

Yaron Shragai via cfe-dev cfe-dev at lists.llvm.org
Thu Apr 27 14:48:15 PDT 2017 

A typo in my OP broke the link to the document on Google Docs.  Here is the
link:
https://docs.google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit

Here is more specifically what I am looking for:
In GCC, it is published that the stack protector option levels do the
following things (this is in the linked document):
-fno-stack-protector: No protection.
-fstack-protector: Protection for functions in which either of the
following is true:
   * The function uses alloca
   * There is a char array that is bigger than 8 bytes (actually, bigger
than whatever SSP_BUFFER_SIZE is)
-fstack-protector-all: Protection for all functions - no heuristic.
-fstack-protector-strong: Protection for functions in which any of the
following is true:
   * Any the address of any local variable used in the RHS of an assignment
   * Any local variable is passed by reference to a function
   * There is *any* array, regardless of array type or length
   * There is a struct/union containing an array
   * There are register local variables

(Also, the stack data is rearranged such that variables are at lower
addresses than buffers.)

What about on Clang? What specifically does -fstack-protector protect? What
specifically does -fstack-protector-strong protect?  Is it exactly the same
definition as in GCC?

Thanks!


On Thu, Apr 27, 2017 at 4:14 PM, 陳韋任 <chenwj.cs97g at g2.nctu.edu.tw> wrote:
>
> Is this https://clang.llvm.org/docs/ClangCommandLineReference.html what
you are looking at?
> Under the Clang source directory, `grep -r "stack-protector" docs/*`
gives the following result:
>
>   docs/ClangCommandLineReference.rst:.. option:: -fstack-protector,
-fno-stack-protector
>   docs/ClangCommandLineReference.rst:.. option:: -fstack-protector-all
>   docs/ClangCommandLineReference.rst:.. option:: -fstack-protector-strong
>   docs/DiagnosticsReference.rst:-Wstack-protector
>
> Or you can goole with "stack protector site:
http://lists.llvm.org/pipermail/cfe-dev/" to find something
> on the cfe-dev mailing list. I think that's all you can find.
>
> Regards,
> chenwj
>
>
> 2017-04-28 1:20 GMT+08:00 Yaron Shragai via cfe-dev <
cfe-dev at lists.llvm.org>:
>>
>> Hello,
>>
>> I see documentation out there for the levels of stack-protector in GCC:
Regular protects functions that have buffers or that use alloca(), all
protects all functions, strong protects functions with the conditions
listed in para 3 in this doc:
https://docs.google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/editAlso,
in GCC, stack-protector puts variables below buffers on the stack (i.e.,
higher up the stack).
>>
>> I'm having trouble finding similar documentation for Clang. (Even if
it's just an official statement that "Clang does the same thing as GCC.")
>>
>> Thanks!
>>
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>
>
>
> --
> Wei-Ren Chen (陳韋任)
> Homepage: https://people.cs.nctu.edu.tw/~chenwj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20170427/85a4a177/attachment.html>

More information about the cfe-dev mailing list