[cfe-users] Does -fstack-protector[-all] actually do anything?

Jeffrey Walton noloader at gmail.com
Tue Jun 3 05:10:51 PDT 2014


On Tue, Jun 3, 2014 at 6:54 AM, Dallman, John <john.dallman at siemens.com> wrote:
> On the Windows/MSVC builds of the product I work on, I've turned on the
> "GuardStack" compiler option (/GS) which puts in fences to detect buffer
> overruns in functions that the compiler thinks need it. Now I'm looking
> at other platforms.
>
> GCC has -fstack-protector and -fstack-protector-all. There's also the fairly
> new -fstack-protector-strong, but I need to support Linuxes that are too
> old to have that.
>
> Clang has Address Sanitizer, but that seems to cost too much performance
> for production code - with a bit of work, one can get the /GS losses down
> to 2% or less with MSVC.
>
> Clang also accepts GCC's -fstack-protector and -fstack-protector-all, but
> they don't seem to do anything: taking assembly listings for a simple test
> program compiled with and without -fstack-protector-all and diffing them
> reveals no differences at all. I'm using OS X 10.9.2 with a Clang from Xcode
> that reports itself as:
>
>     Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)
>
> Are -fstack-protector and -fstack-protector-all just being accepted and
> ignored?

-fstack-protector protects vulnerable objects like C strings.
-fstack-protector-all protects all frames with vulnerable objects,
like an int[].

Do you have vulnerable objects in the stack frame?

Hiroaki Etoh's patch for SSP in GCC can be found at
http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html.

Microsoft has another setting for high-risk source code files: #pragma
strict_gs_check(on). Use it for, for example, a parser that accepts
untrusted input from the internet. I don't believe Linux/GCC has a
similar setting.

Jeff
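
A more direct check than diffing two listings, as an added example that is not part of the original thread: list the functions whose assembly references the stack-protector failure handler, under each flag. The test file, its function names (`has_char_buf`, `has_int_array`, `scalars_only`) and the helper names are constructed for illustration; the compiler is taken from `$CC`, falling back to `cc`.

```shell
#!/bin/sh
# Added example (not from the thread): instead of diffing listings, list the
# functions whose code references the stack-protector failure handler
# (__stack_chk_fail on ELF targets, ___stack_chk_fail on OS X).

# canary_funcs FILE: print each function label in assembly listing FILE whose
# body references __stack_chk_fail. Assumption: labels starting with "." or
# "L" are compiler-local (ELF and Mach-O conventions), not functions.
canary_funcs() {
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*:/ && !/^L/ { fn = $1; sub(/:.*/, "", fn); next }
        /^[ \t]*\./ { next }                      # skip assembler directives
        /__stack_chk_fail/ && fn != "" && !(fn in seen) { seen[fn] = 1; print fn }
    ' "$1"
}

# compare_flags: compile a constructed test file under each flag and report
# which of its three functions received a canary check.
compare_flags() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/t.c" <<'EOF'
void sink(void *);
void has_char_buf(void)  { char name[64]; sink(name); }
void has_int_array(void) { int v[4];      sink(v); }
void scalars_only(void)  { int n = 0;     sink(&n); }
EOF
    for flag in -fno-stack-protector -fstack-protector -fstack-protector-all; do
        printf '%-24s' "$flag"
        "${CC:-cc}" -O0 -S "$flag" -o "$tmp/t.s" "$tmp/t.c" &&
            canary_funcs "$tmp/t.s" | tr '\n' ' '
        echo
    done
    rm -rf "$tmp"
}

# Run the comparison only when a compiler is on PATH.
if command -v "${CC:-cc}" >/dev/null 2>&1; then compare_flags; fi
```

An empty list after a flag means no function in the listing references the handler, which is the situation described in the question.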