You copied the Doc URL to your clipboard.

--protect_stack, --no_protect_stack

Inserts a guard variable onto the stack frame for each vulnerable function.

The guard variable is inserted between any buffers and the return address entry.

A function is considered vulnerable if it contains a vulnerable array. A vulnerable array is one that has:

  • Automatic storage duration.

  • A character type (char or wchar_t).

In addition to inserting the guard variable and check, the compiler also moves vulnerable arrays to the top of the stack, immediately preceding the guard variable. The compiler stores a copy of the guard variable's value at another location, and uses the copy to check that the guard has not been overwritten, indicating a buffer overflow.

Usage

Use --protect_stack to enable the stack protection feature. Use --no_protect_stack to explicitly disable this feature. If both options are specified, the last option specified takes effect.

The --protect_stack_all option adds this protection to all functions regardless of their vulnerability.

With stack protection, when a vulnerable function is called, the initial value of its guard variable is taken from a global variable:

void *__stack_chk_guard;

You must provide this variable with a suitable value, such as a random value. The value can change during the life of the program. For example, a suitable implementation might be to have the value constantly changed by another thread. In addition, you must implement this function:

void __stack_chk_fail(void);

It is called by the checking code on detection of corruption of the guard. In general, such a function would exit, possibly after reporting a fault.

For consistency with GNU tools, the option -fstack-protector is treated identically to --protect-stack. Similarly, the -fstack-protector-all option is treated identically to --protect_stack_all.

Default

The default is --no_protect_stack.

Example

In the following function, the array buf is vulnerable and the function is protected when compiled with --protect_stack:

void copy(const char *p)
{
    char buf[4];
    strcpy(buf, p);
}
Was this page helpful? Yes No