On 10/10/20 5:08 AM, Bruno Haible wrote:
> On Linux, the kernel allows the stack to grow by any amount, if it does not
> become closer than 1 MB to another VMA and does not violate the set limits.
> See linux/mm/mmap.c:expand_downwards and linux/mm/mmap.c:acct_stack_growth.
> Therefore on Linux, there is no need for a guard page and no need for
> 'gcc -fstack-clash-protection'.

There's still a need, if a function declares a large local variable, as the stack pointer can jump around the 1 MB barrier and trash other storage. If I compile the attached program with 'gcc -m32 -O2 stackish.c' on Fedora 31 x86-64, the program exits with status 255 (instead of crashing with a stack overflow as it should), because the stack has overflowed and has stomped on the heap. So stack overflow checking is not "just working", at least for this particular case.
#include <stdlib.h>
#include <string.h>

/* Declare a VLA of BSIZE bytes.  Without stack probing, the stack pointer
   simply jumps down by BSIZE, so the first bytes of B (its lowest addresses)
   can land beyond the kernel's 1 MB stack gap, inside another mapping.  */
int
growby (int bsize, int argc)
{
  char b[bsize];
  /* Write to the bottom of B; if the stack overflowed, these stores
     land in the heap instead of faulting.  */
  for (int i = 0; i <= argc + 256; i++)
    b[i] = i;
  return b[argc] - b[argc + 256];
}

int
main (int argc, char **argv)
{
  /* Zeroed heap block of a bit more than 1 GB.  */
  int psize = argc + 1024 * 1024 * 1024;
  char *p = calloc (psize, 1);
  /* Size the VLA so that its bottom lands in the middle of the heap block
     (distance from this stack frame down to P + PSIZE/2).  */
  int bsize = (char *) &p - (p + psize/2);
  int status = growby (bsize, argc);
  /* Scan the heap block: any byte that is no longer zero was stomped by
     GROWBY's stores.  The OR of the values 0..256 is 255, hence exit 255.  */
  for (int i = 0; i < psize; i++)
    status |= p[i]++;
  return status;
}

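The reason the attached program ends in the heap rather than in a segfault is that the VLA moves the stack pointer in one jump, so the 1 MB gap below the stack is never touched. The mitigation GCC applies under '-fstack-clash-protection' is to probe the new frame one page at a time, in address order, so that a gap or guard page is hit before any byte past it can be written. The program below, written here as an illustration and not taken from the message above or from GCC, does that probing by hand for a VLA of modest size; PROBE_PAGE (4096) is an assumed page size, and probe_region/probed_vla_use are names chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed page size for the probing stride (x86 default).  Real code would
   query sysconf (_SC_PAGESIZE); 4096 is a constructed value for this example.  */
#define PROBE_PAGE 4096

/* Touch one byte in every page of the BYTES bytes that lie just below TOP,
   starting at the page nearest the existing stack and walking downwards.
   Because the stores are issued in descending order, the first page that
   is not mapped faults before anything beyond it can be reached, which is
   exactly what a one-shot "sub esp, bsize" fails to guarantee.  TOP is
   volatile so the compiler cannot drop the otherwise dead stores.
   Returns the number of pages probed.  */
static size_t
probe_region (volatile char *top, size_t bytes)
{
  size_t pages = 0;
  for (size_t off = PROBE_PAGE; off <= bytes; off += PROBE_PAGE)
    {
      top[-(ptrdiff_t) off] = 0;   /* one store per whole page */
      pages++;
    }
  if (bytes % PROBE_PAGE != 0)
    {
      top[-(ptrdiff_t) bytes] = 0; /* the partial page at the very bottom */
      pages++;
    }
  return pages;
}

/* Allocate a VLA of BSIZE bytes and probe it before use.  BSIZE must stay
   well below the thread's stack limit; the point here is the ordering of
   the probes, not a stack overflow.  Returns the number of probes made.  */
int
probed_vla_use (size_t bsize)
{
  char b[bsize];
  /* B is the lowest address of the VLA, so B + BSIZE is its top.  */
  size_t pages = probe_region (b + bsize, bsize);
  memset (b, 1, bsize);          /* now the whole frame is known to be mapped */
  return (int) pages;
}

int
main (void)
{
  /* 64 KiB needs 16 whole-page probes; 3 pages + 1 byte needs 4.  */
  printf ("probes for 64 KiB: %d\n", probed_vla_use (64 * 1024));
  printf ("probes for 12289 bytes: %d\n", probed_vla_use (3 * PROBE_PAGE + 1));
  return 0;
}
```

Compiling the attached stackish.c with 'gcc -m32 -O2 -fstack-clash-protection stackish.c' makes GCC emit this kind of per-page probe in growby itself, so the check is whether the run then dies with a stack overflow instead of exiting 255.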