Do we want to add -fsanitize=function?

Martin Liška mliska@suse.cz
Tue Jan 14 14:55:00 GMT 2020


On 1/14/20 1:59 PM, Jakub Jelinek wrote:
> On Tue, Jan 14, 2020 at 01:57:47PM +0100, Martin Liška wrote:
>>> seems to be what they emit on x86_64.  Now, wonder what they do on other
>>> targets
>>
>> Other targets are not supported :P
>>
>>> , and how does it play with all the other options that add stuff
>>> to the start of functions, e.g. -fcf-protection=full (where it needs to
>>> really start with endbr64 instruction)
>>
>> Using the options one will get:
>>
>> _Z4savev:                               # @_Z4savev
>> 	.cfi_startproc
>> 	.long	846595819               # 0x327606eb
>> 	.long	.L__unnamed_2-_Z4savev
>> # %bb.0:
>> 	endbr64
>>
>> So endbr64 is placed after the RTTI record.
> 
> Which is wrong, this will then fail on CET hardware.

Sure, which is a minor limitation. FCF is supposed to be a production
security feature while UBSAN is more for a testing playground.

Martin

> 
> 	Jakub
> 
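Added example, not part of the original thread or of GCC/Clang: a small C check that classifies the first bytes of a function as either starting with `endbr64` or starting with the `-fsanitize=function` signature from the quoted listing, with `endbr64` only after the 8-byte record. The names `classify_entry` and `entry_kind` and the sample byte arrays are constructed for illustration; the 4-byte offset following the signature is taken from the listing's two `.long` directives.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UBSAN_FUNC_SIG 0x327606ebu /* ".long 846595819" in the quoted listing */

/* endbr64 encoding: the instruction CET/IBT expects at an indirect-call target. */
static const uint8_t ENDBR64[4] = {0xf3, 0x0f, 0x1e, 0xfa};

enum entry_kind {
    ENTRY_ENDBR64,          /* first instruction is endbr64 */
    ENTRY_SIG_THEN_ENDBR64, /* signature + 4-byte offset first, endbr64 at +8 */
    ENTRY_SIG_NO_ENDBR64,   /* signature present, no endbr64 after the record */
    ENTRY_OTHER,            /* neither pattern */
    ENTRY_TOO_SHORT         /* not enough bytes to decide */
};

static uint32_t load_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

enum entry_kind classify_entry(const uint8_t *code, size_t len) {
    if (len < 4) return ENTRY_TOO_SHORT;
    if (memcmp(code, ENDBR64, 4) == 0) return ENTRY_ENDBR64;
    if (load_le32(code) != UBSAN_FUNC_SIG) return ENTRY_OTHER;
    if (len < 12) return ENTRY_TOO_SHORT; /* need signature, offset, next insn */
    return memcmp(code + 8, ENDBR64, 4) == 0 ? ENTRY_SIG_THEN_ENDBR64
                                             : ENTRY_SIG_NO_ENDBR64;
}

/* Constructed samples: the offset bytes and trailing opcodes are made up. */
static const uint8_t sample_sanitized[] = {0xeb, 0x06, 0x76, 0x32, /* signature */
                                           0x40, 0x00, 0x00, 0x00, /* offset */
                                           0xf3, 0x0f, 0x1e, 0xfa, 0x55};
static const uint8_t sample_cet_only[] = {0xf3, 0x0f, 0x1e, 0xfa, 0x55};

int main(void) {
    printf("sanitized: %d\n", classify_entry(sample_sanitized, sizeof sample_sanitized));
    printf("cet only:  %d\n", classify_entry(sample_cet_only, sizeof sample_cet_only));
    return 0;
}
```

Only `ENTRY_ENDBR64` corresponds to a function whose symbol address itself holds `endbr64`; `ENTRY_SIG_THEN_ENDBR64` is the layout from the listing, which the thread describes as failing on CET hardware.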


