On 04/14/2013 03:34 AM, Steve Grubb wrote:
> -fstack-protector-all really is all. The default in Fedora is 4 bytes which would cover cases where ints and char[] are interposed as in some networking code. But more importantly, the default stack-protector only kicks in when the object is a char array. If it's an int array or something exotic like an array within a struct, it does not kick in. That is what the -fstack-protector-strong patch provides. It's been floating around the internet and is the default for Chrome OS. All the testing I've done shows it catches all stack overflows of all kinds. We really need it integrated with Fedora's gcc.
The basic patch has been committed upstream:
http://gcc.gnu.org/viewcvs/gcc?view=revision&revision=198699
It's still incomplete, though, particularly for C++. Slots for structs returned from functions can be allocated in the caller and are addressable in the callee (as a consequence of the named return value optimization). This means that the calling function should be instrumented with a canary. Han Shen is going to work on a follow-up patch which addresses this gap. Once that additional patch is in, we should consider backporting both patches.