[cfe-users] Does -fstack-protector[-all] actually do anything?

Dallman, John john.dallman at siemens.com
Tue Jun 3 05:26:00 PDT 2014

Jeffrey Walton [mailto:noloader at gmail.com] wrote:

> -fstack-protector protects vulnerable objects like c-strings.
> -fstack-protector-all protects all frames with vulnerable objects, like an int[].
> Do you have vulnerable objects in the stack frame?

Yes. A char array in a stack frame, which for test purposes I'm deliberately
over-running with an over-length strcpy.

> Hiroaki Etoh's patch for SSP in GCC can be found at
> http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html.

Yes ... I'm not clear what good this does me with Clang.

> Microsoft has another setting for high-risk source code files: #pragma
> strict_gs_check(on). Use it for, for example, a parser that accepts
> untrusted input from the internet. I don't believe Linux/GCC has a
> similar setting.

Yup. I don’t have anything that's truly high-risk, but we document that
option for our Windows customers to use where appropriate. The product
is a closed-source mathematical modelling library that gets embedded
in end-user applications by our customers.

John Dallman
Siemens Industry Software Limited is a limited company registered in England and Wales.
Registered number: 3476850.
Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.

More information about the cfe-users mailing list