[Bug other/28328] Stack smash protection non-verbose
nigelenki at comcast dot net
gcc-bugzilla@gcc.gnu.org
Tue Jul 11 05:49:00 GMT 2006
------- Comment #12 from nigelenki at comcast dot net 2006-07-11 05:49 -------
(In reply to comment #10)
> (In reply to comment #8)
>
> That is just a simple (obvious) example, you seem to not understand how real
> code looks like. You might instead have:
>
> int f(int a, int b)
> {
> int f[10];
> .....
> f[a] = 1;
> ....
> return f[b];
> }
>
> Where you know that a should be between 0 and 9 but comming into the function
> it is not, so the value of a is wrong and you have to track down why that is
> which can be a million lines in execution before calling of f. This is a stack
> smashing bug also, yes a less common one than the obvious ones which you showed
> but it is still going to happen. The obvious ones are easy to find in an audit
> of the code, unlike this one. You can add asserts to the function but that
> will produce as much useful info as the info you want from the stack smasher.
> It is only useful for starting to debug the program, even then you get the
> information just as quick from the debugger.
>
You make the assumption that I somehow know the bug is in f(). What if I have
a 64 million line program with several hundred thousand functions like this,
and the bug is obscure and hard to reproduce? Where do I start? How do I know
the bug is in f()?
(In reply to comment #11)
> (In reply to comment #9)
...
>
> I am not saying ssp is bad, I am saying it is only a small tool in
> debuging/development and should be kept that way.
Don't worry, it will be. I am only interested in getting a facility to obtain
information that says to "start somewhere around here."
> If there are trust problems,
> then ssp is used and the end user is not trusting the developer of the program
> anyways.
SSP is a safety net. If you can't trust the developer of the program, then you
assume the program is malicious, and don't run it because it's backdoored. SSP
is not a tool to stop untrusted developers, it's a tool to catch minor
mistakes.
.....
> You forget about
> real end users like say a game player. He does not care why your program
> crashes, he just wants a fix or he might just ask for a refund since your
> program does not work.
>
"I am experiencing a crash on level 10, sometimes when I enter this room"
"OK we'll look into it" *months go by*
How about:
"I am experiencing a crash on level 10, sometimes when I enter this room"
"OK, look in ~/level_10_dump.dbg, send me that file" (game supplies an
overriden __stack_chk_fail() that also spits out a debug file) *patch released
4 days later*
I've heard enough stories about being on the phone with Apple for a total of 50
hours or whatnot, it's been fun but I'd rather just e-mail a file or copy-paste
a line of text and be done.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28328
More information about the Gcc-bugs
mailing list