Extend -fstack-protector-strong to cover calls with return slot

Florian Weimer fweimer@redhat.com
Wed Jan 8 14:57:00 GMT 2014


On 01/07/2014 02:37 PM, Jakub Jelinek wrote:
> On Tue, Jan 07, 2014 at 02:27:04PM +0100, Florian Weimer wrote:
>> gimplify_modify_expr_rhs, in the CALL_EXPR case:
>>
>> 	      if (use_target)
>> 		{
>> 		  CALL_EXPR_RETURN_SLOT_OPT (*from_p) = 1;
>> 		  mark_addressable (*to_p);
>> 		}
>
> Yeah, that sets it in some cases too, not in other testcases.
>
> Just look at how the flag is used when actually expanding it:
>
>          if (target && MEM_P (target) && CALL_EXPR_RETURN_SLOT_OPT (exp))
>            structure_value_addr = XEXP (target, 0);
>          else
>            {
>              /* For variable-sized objects, we must be called with a target
>                 specified.  If we were to allocate space on the stack here,
>                 we would have no way of knowing when to free it.  */
>              rtx d = assign_temp (rettype, 1, 1);
>              structure_value_addr = XEXP (d, 0);
>              target = 0;
>            }

Okay, I'm beginning to understand.  I tried to actually reach the second 
branch, and ended up with PR59711. :)

foo12 in the new C testcase covers it in part without a variable-sized 
object.

> so, if it is set, the address of the var on the LHS is passed to the
> function as hidden argument, if it is not set, we pass address of
> a stack temporary instead.  Both the automatic var and the stack temporary
> can overflow, if the callee does something wrong.

What about the attached version?  It still does not exactly match your 
original suggestion because gimple_call_lhs (stmt) can be NULL_TREE if 
the result is ignored and this case needs instrumentation, as you 
explained, so I use the function return type in the aggregate_value_p check.

Testing is still under way, but looks good so far.  I'm bootstrapping 
with BOOT_CFLAGS="-O2 -g -fstack-protector-strong" with Ada enabled, for 
additional coverage.

-- 
Florian Weimer / Red Hat Product Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssp-strong-return-20140108.patch
Type: text/x-patch
Size: 5247 bytes
Desc: not available
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20140108/a219ffaa/attachment.bin>
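As an added check script (not part of the attached patch, GCC's testsuite, or either poster's mail), the following compiles the caller shapes the thread discusses and reports whether -fstack-protector-strong emitted a canary check for each one. The struct, the function names and the use of ${CC:-cc} are assumptions; on a compiler without this fix the `ignored` and `assigned` callers come back as not-protected even though the callee writes into their frames.

```shell
#!/bin/sh
# Compiles a one-function translation unit with -fstack-protector-strong and
# reports whether the compiler emitted a canary check (__stack_chk_fail).
# Assumes a C compiler reachable as ${CC:-cc} that accepts -S and the flag.

# Large enough that common ABIs return it through a hidden pointer into the
# caller's frame, i.e. the return slot discussed in the thread (constructed).
TESTCASE_PRELUDE='
struct big { char buf[64]; };
struct big make_big(void);
void consume(struct big *);
'

# Caller variants (constructed names):
#   ignored  - result discarded, so gimple_call_lhs would be NULL_TREE
#   assigned - result lands in a local whose address then escapes
#   array    - plain local char array, the baseline -strong case
caller_source() {
    case "$1" in
        ignored)  echo 'void caller(void) { make_big(); }' ;;
        assigned) echo 'void caller(void) { struct big b = make_big(); consume(&b); }' ;;
        array)    echo 'void caller(void) { char tmp[64]; consume((struct big *)tmp); }' ;;
        *)        echo 'void caller(void) { }' ;;
    esac
}

# Prints exactly one of: protected, not-protected, no-compiler.
ssp_status() {
    command -v "${CC:-cc}" >/dev/null 2>&1 || { echo no-compiler; return 0; }
    tmp=$(mktemp /tmp/ssp-XXXXXX 2>/dev/null || echo "/tmp/ssp-$$")
    src="$tmp.c"
    { printf '%s\n' "$TESTCASE_PRELUDE"; caller_source "$1"; } > "$src"
    asm=$("${CC:-cc}" -O2 -fstack-protector-strong -S -o - "$src" 2>/dev/null)
    rm -f "$tmp" "$src"
    if printf '%s\n' "$asm" | grep -q '__stack_chk_fail'; then
        echo protected
    else
        echo not-protected
    fi
}

for v in ignored assigned array; do
    printf '%-9s %s\n' "$v" "$(ssp_status "$v")"
done
```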
