[cfe-users] Does -fstack-protector[-all] actually do anything?

Dallman, John john.dallman at siemens.com
Tue Jun 3 05:26:00 PDT 2014


Jeffrey Walton [mailto:noloader at gmail.com] wrote:

> -fstack-protector protects vulnerable objects like c-strings.
> -fstack-protector-all protects all frames with vulnerable objects, like an int[].
>
> Do you have vulnerable objects in the stack frame?

Yes. A char array in a stack frame, which for test purposes I'm deliberately
over-running with an over-length strcpy.

> Hiroaki Etoh's patch for SSP in GCC can be found at
> http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html.

Yes ... I'm not clear what good this does me with Clang.

> Microsoft has another setting for high-risk source code files: #pragma
> strict_gs_check(on). Use it for, for example, a parser that accepts
> untrusted input from the internet. I don't believe Linux/GCC has a
> similar setting.

Yup. I don’t have anything that's truly high-risk, but we document that
option for our Windows customers to use where appropriate. The product
is a closed-source mathematical modelling library that gets embedded
in end-user applications by our customers.

--
John Dallman
-----------------
Siemens Industry Software Limited is a limited company registered in England and Wales.
Registered number: 3476850.
Registered office: Faraday House, Sir William Siemens Square, Frimley, Surrey, GU16 8QD.



