On Tue, Jun 3, 2014 at 6:54 AM, Dallman, John <john.dall...@siemens.com> wrote: > On the Windows/MSVC builds of the product I work on, I've turned on the > "GuardStack" compiler option (/GS) which puts in fences to detect buffer > overruns in functions that the compiler thinks need it. Now I'm looking > at other platforms. > > GCC has -fstack-protector and -fstack-protector-all. There's also the fairly > new -fstack-protector-strong, but I need to support Linuxes that are too > old to have that. > > Clang has Address Sanitizer, but that seems to cost too much performance > for production code - with a bit of work, one can get the /GS losses down > to 2% or less with MSVC. > > Clang also accepts GCC's -fstack-protector and -fstack-protector-all, but > they don't seem to do anything: taking assembly listings for a simple test > program compiled with and without -fstack-protector-all and diffing them > reveals no differences at all. I'm using OS X 10.9.2 with a Clang from Xcode > that reports itself as: > > Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn) > > Are -fstack-protector and -fstack-protector-all just being accepted and > ignored? -fstack-protector protects vulnerable objects like c-strings. -fstack-protector-all protects all frames with vulnerable objects, like an int[].
Do you have vulnerable objects in the stack frame? Hiroaki Etoh's patch for SSP in GCC can be found at http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html. Microsoft has another setting for high-risk source code files: #pragma strict_gs_check(on). Use it for, for example, a parser that accepts untrusted input from the internet. I don't believe Linux/GCC has a similar setting. Jeff _______________________________________________ cfe-users mailing list cfe-users@cs.uiuc.edu http://lists.cs.uiuc.edu/mailman/listinfo/cfe-users
