Bug 39218 - a surprising instance of -fstack-protector not protecting
Summary: a surprising instance of -fstack-protector not protecting
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: middle-end
Version: 4.3.3
Importance: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords: documentation
Depends on:
Blocks:
 
Reported: 2009-02-17 18:57 UTC by Paul Stoeber
Modified: 2021-03-23 04:30 UTC

See Also:
Host:
Target:
Build:
Known to work:
Known to fail:
Last reconfirmed: 2009-04-16 20:43:45


Description Paul Stoeber 2009-02-17 18:57:48 UTC
$ cc -v
Using built-in specs.
Target: i686-pc-linux-gnu
Configured with: ./configure --prefix=/gcc
Thread model: posix
gcc version 4.3.3 (GCC)
$ echo 'void f(void) { char buf[50]; g(buf); }' > 1.c
$ echo 'void f(void) { int buf[50]; g(buf); }' > 2.c
$ cc -fstack-protector -c 1.c  # protects
$ cc -fstack-protector -c 2.c  # does not protect
$ objdump -d 1.o

1.o:     file format elf32-i386

Disassembly of section .text:

00000000 <f>:
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   83 ec 48                sub    $0x48,%esp
   6:   65 a1 14 00 00 00       mov    %gs:0x14,%eax
   c:   89 45 fc                mov    %eax,-0x4(%ebp)
   f:   31 c0                   xor    %eax,%eax
  11:   8d 45 ca                lea    -0x36(%ebp),%eax
  14:   89 04 24                mov    %eax,(%esp)
  17:   e8 fc ff ff ff          call   18 <f+0x18>
  1c:   8b 45 fc                mov    -0x4(%ebp),%eax
  1f:   65 33 05 14 00 00 00    xor    %gs:0x14,%eax
  26:   74 05                   je     2d <f+0x2d>
  28:   e8 fc ff ff ff          call   29 <f+0x29>
  2d:   c9                      leave
  2e:   c3                      ret
$ objdump -d 2.o

2.o:     file format elf32-i386

Disassembly of section .text:

00000000 <f>:
   0:   55                      push   %ebp
   1:   89 e5                   mov    %esp,%ebp
   3:   81 ec d8 00 00 00       sub    $0xd8,%esp
   9:   8d 85 38 ff ff ff       lea    -0xc8(%ebp),%eax
   f:   89 04 24                mov    %eax,(%esp)
  12:   e8 fc ff ff ff          call   13 <f+0x13>
  17:   c9                      leave
  18:   c3                      ret
$
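Added example (not part of the report or of GCC): a Python script that parses plain `objdump -d` text and reports, per function, whether the prologue loads the TLS canary and the epilogue checks it, so the functions that actually received a guard under -fstack-protector can be listed. It recognises the i386 slot shown above (%gs:0x14) and also the x86-64 slot (%fs:0x28) and `__stack_chk_fail` calls in linked binaries; the embedded listings are abridged copies of the 1.o and 2.o disassemblies from the report.

```python
import re

# Constructed sample input: abridged copies of the two listings in the report
# (1.o, char buf[50]: canary present; 2.o, int buf[50]: no canary at all).
LISTING_1O = """\
00000000 <f>:
   3:   83 ec 48                sub    $0x48,%esp
   6:   65 a1 14 00 00 00       mov    %gs:0x14,%eax
   c:   89 45 fc                mov    %eax,-0x4(%ebp)
  17:   e8 fc ff ff ff          call   18 <f+0x18>
  1c:   8b 45 fc                mov    -0x4(%ebp),%eax
  1f:   65 33 05 14 00 00 00    xor    %gs:0x14,%eax
  26:   74 05                   je     2d <f+0x2d>
  2e:   c3                      ret
"""
LISTING_2O = """\
00000000 <f>:
   3:   81 ec d8 00 00 00       sub    $0xd8,%esp
   9:   8d 85 38 ff ff ff       lea    -0xc8(%ebp),%eax
  12:   e8 fc ff ff ff          call   13 <f+0x13>
  18:   c3                      ret
"""

FUNC_HDR = re.compile(r"^[0-9a-f]+ <([^>]+)>:")          # "00000000 <f>:" starts a function
TLS_SLOT = r"%[gf]s:0x(?:14|28)"  # canary lives at %gs:0x14 on i386, %fs:0x28 on x86-64
CANARY_LOAD = re.compile(r"\bmov\s+" + TLS_SLOT + ",")   # prologue copies the slot into the frame
# epilogue compares the saved copy against the slot (xor/cmp/sub); in a linked binary the
# failure path also appears as a call to __stack_chk_fail
CANARY_CHECK = re.compile(r"\b(?:xor|cmp|sub)\s+" + TLS_SLOT + r"|__stack_chk_fail")

def audit(listing):
    """Map each function in an `objdump -d` listing to whether it loads/checks a canary."""
    funcs, name = {}, None
    for line in listing.splitlines():
        hdr = FUNC_HDR.match(line)
        if hdr:
            name = hdr.group(1)
            funcs[name] = {"canary_load": False, "canary_check": False}
        elif name is not None:
            if CANARY_LOAD.search(line):
                funcs[name]["canary_load"] = True
            if CANARY_CHECK.search(line):
                funcs[name]["canary_check"] = True
    return funcs

def unprotected(listing):
    """Functions without a complete guard: what -fstack-protector skipped (e.g. int buffers)."""
    return sorted(n for n, f in audit(listing).items() if not (f["canary_load"] and f["canary_check"]))
```

Feed it the output of `objdump -d` on a real object or binary to see which functions the heuristic left unguarded; `-fstack-protector-all` (and, in later GCC releases, `-fstack-protector-strong`) widens the set of guarded functions.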
Comment 1 Andrew Pinski 2009-02-17 19:08:51 UTC
http://gcc.gnu.org/onlinedocs/gcc-4.3.3/gcc/Optimize-Options.html#index-fstack_002dprotector-764

Hmm:
Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call alloca, and functions with buffers larger than 8 bytes. 

Maybe it should say character buffers rather than just buffers here.
Comment 2 Eric Gallager 2015-01-08 17:20:35 UTC
(In reply to Andrew Pinski from comment #1)
> 
> Maybe it should say character buffers rather than just buffers here.

Yeah, that would help clarify stuff a lot... the term "buffer" is kind of ambiguous as it currently stands, which makes it hard to know how exactly to deal with warnings from "-Wstack-protector"... I had been trying to mess with other sorts of buffers besides character buffers before reading this...
Comment 3 Eric Gallager 2017-10-23 15:15:37 UTC
Someone brought this up on the gcc-help mailing list here: https://gcc.gnu.org/ml/gcc-help/2017-10/msg00134.html