http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59750
Bug ID: 59750
Summary: stack protector does not catch 1 byte overwrite of char[10] array
Product: gcc
Version: 4.8.2
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: martin at netbsd dot org

This test program correctly dies when compiled with gcc 4.5.4:

#include <string.h>

int main(int argc, char **argv)
{
	char b[10];
	strcpy(b, "1");
	strcat(b, "012345678");
	return 0;
}

but when compiled with gcc 4.8.2 it does not cause an abort on sparc64:

$ /usr/pkg/gcc48/bin/cc -fstack-protector -O0 test.c
$ ./a.out
$

Using a few more chars ("0123456789ABCDE") in the strcat makes ssp catch it.

$ /usr/pkg/gcc48/bin/cc -v
Using built-in specs.
COLLECT_GCC=/usr/pkg/gcc48/bin/cc
COLLECT_LTO_WRAPPER=/usr/pkg/gcc48/libexec/gcc/sparc64--netbsd/4.8.2/lto-wrapper
Target: sparc64--netbsd
Configured with: ../gcc-4.8.2/configure --enable-languages='c c++' --enable-shared --enable-long-long --with-local-prefix=/usr/pkg/gcc48 --enable-libssp --enable-threads=posix --with-boot-ldflags='-static-libstdc++ -static-libgcc -Wl,-R/usr/pkg/lib ' --with-gnu-ld --with-ld=/usr/bin/ld --with-gnu-as --with-as=/usr/bin/as --disable-nls --with-gmp=/usr/pkg --with-mpc=/usr/pkg --with-mpfr=/usr/pkg --enable-__cxa_atexit --with-gxx-include-dir=/usr/pkg/gcc48/include/c++/ --prefix=/usr/pkg/gcc48 --build=sparc64--netbsd --host=sparc64--netbsd --infodir=/usr/pkg/gcc48/info --mandir=/usr/pkg/gcc48/man
Thread model: posix
gcc version 4.8.2 (GCC)
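
Added illustration, not part of the bug report and not GCC code: a canary comparison in the function epilogue can only fire if the stray bytes actually reach the guard word. The report does not say why the 11-byte write goes unnoticed on sparc64; the `struct frame` layout, the `GUARD` value and the function names below are assumptions that model a guard separated from `b[10]` by alignment padding, replayed with the report's two inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0xA5C3E1F7A5C3E1F7ULL   /* constructed canary, no zero bytes */

/* Hypothetical frame model: the guard word's alignment leaves padding
 * after b[10]. This is NOT the real sparc64 frame layout. */
struct frame {
    char     b[10];
    uint64_t guard;
};

/* Bytes the report's strcpy + strcat pair writes, including the NUL. */
size_t bytes_written(const char *first, const char *second)
{
    return strlen(first) + strlen(second) + 1;
}

/* Replay the two copies into the model with a bounded memcpy (nothing is
 * written outside the struct) and report whether the guard word changed,
 * which is all an epilogue canary check can observe.
 * Returns 1 if clobbered, 0 if intact, -1 if the input is too long. */
int guard_clobbered(const char *first, const char *second)
{
    struct frame f;
    char src[64];
    size_t n = bytes_written(first, second);

    if (n > sizeof src)
        return -1;
    memset(&f, 0, sizeof f);
    f.guard = GUARD;
    snprintf(src, sizeof src, "%s%s", first, second);
    if (n > sizeof f)
        n = sizeof f;                 /* stay inside the model */
    memcpy(&f, src, n);               /* b sits at offset 0 of the model */
    return f.guard != GUARD;
}

int main(void)
{
    const char *tails[] = { "012345678", "0123456789ABCDE" };
    for (size_t i = 0; i < 2; i++)
        printf("%zu bytes into char[10], guard at offset %zu: clobbered=%d\n",
               bytes_written("1", tails[i]), offsetof(struct frame, guard),
               guard_clobbered("1", tails[i]));
    return 0;
}
```

In this model the report's first input overruns `b` by exactly one byte (the terminating NUL) and lands in padding, while the longer input reaches the guard; a bounds check on the copy itself catches both cases regardless of frame layout.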