This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Stack protector: leak of guard's address on stack


On Fri, Apr 27, 2018 at 01:17:50PM +0100, Thomas Preudhomme wrote:
> It's not the canari which is spilled in this case, but the address to the
> canari. Which means an attacker could make it point to something else than
> the real canari.

When the canary is in TLS area, it is usually small constant away from some
base register (or segment register) and there is no possibility of having
that spilled, the addition is done always in the instruction performing
memory read of the canary.

	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]