Rodrigo Rebello <rprebe...@gmail.com> writes: > The check for stack-protector support consisted in compiling and linking > the test program below (output by function write_c_skeleton()) with the > compiler flag -fstack-protector-strong first and then with > -fstack-protector-all if the first one failed to work: > > int main(void) { return 0; } > > This caused false positives when using certain toolchains in which the > compiler accepted -fstack-protector-strong but no support was provided > by the C library, since for this stack-protector variant the compiler > emits canary code only for functions that meet specific conditions > (local arrays, memory references to local variables, etc.) and the code > fragment under test included none of them (hence no stack protection > code generated, no link failure). > > This fix changes the test program used for -fstack-protector checks to > include a function that meets conditions which cause the compiler to > generate canary code in all variants. > > Signed-off-by: Rodrigo Rebello <rprebe...@gmail.com> > --- > configure | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > > diff --git a/configure b/configure > index 46fd8bd..c3d9592 100755 > --- a/configure > +++ b/configure > @@ -1486,6 +1486,24 @@ for flag in $gcc_flags; do > done > > if test "$stack_protector" != "no"; then > + cat > $TMPC << EOF > +void foo(const char *c); > + > +void foo(const char *c) > +{ > + char arr[64], *p; > + for (p = arr; *c; c++, p++) { > + *p = *c; > + } > +} > + > +int main(void) > +{ > + char c[] = ""; > + foo(c);
Why not simply foo("")? Could the optimizer optimize away the pattern that triggers the canary? To protect against that possibility, we could use int main(int argc, char *argv[]) { foo(argv[0]); } > + return 0; > +} > +EOF > gcc_flags="-fstack-protector-strong -fstack-protector-all" > sp_on=0 > for flag in $gcc_flags; do