Bug 56046 - the buffer overflow can escape from the stack protection in 64-bit linux system
Status: UNCONFIRMED
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 4.6.3
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2013-01-19 13:40 UTC by CocooWang
Modified: 2013-01-19 16:47 UTC (History)
Attachments
the bug code (163 bytes, text/x-csrc)
2013-01-19 13:40 UTC, CocooWang

Description CocooWang 2013-01-19 13:40:19 UTC
Created attachment 29219
the bug code

System version: 64-bit Ubuntu 12.04 LTS
gcc version: 4.6.3
Options: gcc source.c -o source
When compiling and running a program with an error that causes a buffer overflow, the compiler cannot detect it.
The program below compiles and runs correctly on my system (it also works on my friend's system, which is not Ubuntu but has gcc version 4.5.0):
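#include <stdio.h>
#include <string.h>

int main(void)
{
	const char *a = "123456789abcdef";	/* 15 characters plus the terminating NUL */
	char b[10];				/* destination holds only 10 bytes */
	int i = 0;

	/* Unchecked copy: writes 16 bytes into b, overrunning it by 6 (the reported behaviour) */
	while ((b[i] = a[i]) != '\0')
		++i;
	printf("%s,%zu\n", b, strlen(b));	/* strlen() returns size_t, so %zu rather than %d */
	return 0;
}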
I attempt to copy a string whose length is 15 to an array whose length is 10, and it compiles and runs correctly. The output is "123456789abcdef,15".
P.S. This will not succeed on a 32-bit Linux system.
Comment 1 CocooWang 2013-01-19 13:54:22 UTC
My friend tested my code on CentOS!
Comment 2 Andreas Schwab 2013-01-19 16:16:08 UTC
The stack protection code cannot guarantee to detect every error.
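
An added example illustrating Comment 2 (not code from the report or from GCC): a constructed model of one stack frame in which the guard word sits past alignment padding, so the 16-byte copy from the description overruns the buffer without changing the guard, while a bounds-checked copy rejects it. GUARD_OFFSET, the guard value and the function names are assumptions for illustration, not GCC's actual frame layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame, NOT GCC's real layout: the offsets
 * below are assumptions that place alignment padding before the guard. */
#define BUF_SIZE     10  /* char b[10] from the report */
#define GUARD_OFFSET 24  /* assumed distance from start of b to the guard */
#define GUARD_SIZE   8
#define FRAME_SIZE   64

/* Constructed guard value; a real one is random per process. */
static const uint8_t GUARD[GUARD_SIZE] = {0x00, 0xa5, 0x3c, 0x91, 0x7e, 0x12, 0xd4, 0x6b};

enum outcome { COPY_OK, OVERFLOW_UNDETECTED, OVERFLOW_DETECTED, COPY_REJECTED };

/* The report's unchecked copy, replayed inside a byte array that stands in
 * for the frame. The guard is compared once, where the function would return. */
enum outcome unchecked_copy(const char *src)
{
    uint8_t frame[FRAME_SIZE] = {0};
    size_t n = strlen(src) + 1;            /* bytes written, including NUL */

    memcpy(frame + GUARD_OFFSET, GUARD, GUARD_SIZE);
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;                    /* keep the model itself in bounds */
    memcpy(frame, src, n);
    if (memcmp(frame + GUARD_OFFSET, GUARD, GUARD_SIZE) != 0)
        return OVERFLOW_DETECTED;          /* where __stack_chk_fail would fire */
    return n > BUF_SIZE ? OVERFLOW_UNDETECTED : COPY_OK;
}

/* Bounds-checked copy: refuses the input before anything is written. */
enum outcome checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src) + 1;
    if (n > dst_size)
        return COPY_REJECTED;
    memcpy(dst, src, n);
    return COPY_OK;
}

int main(void)
{
    char b[BUF_SIZE];
    printf("16-byte write, unchecked: %d\n", unchecked_copy("123456789abcdef"));
    printf("16-byte write, checked:   %d\n", checked_copy(b, sizeof b, "123456789abcdef"));
    return 0;
}
```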