[Bug tree-optimization/112635] stack smash protection does not work when code is compiled with -O
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112635 Xi Ruoyao changed: What|Removed |Added CC||xry111 at gcc dot gnu.org --- Comment #4 from Xi Ruoyao --- (In reply to Agostino Sarubbo from comment #2) > (In reply to Richard Biener from comment #1) > > Yep, GCC fixes the code for you by eliding 'buf'. That's perfectly OK > > though > > since the code invokes undefined behavior. > > > > I'm inclined to close this as INVALID/WONTFIX, it isn't really a bug > > (but also not a feature you can rely on of course). > > Thanks for the response. > > So the question is: to have a reliable ssp, do I have to use -O0 ? The SSP is reliable in this case because there is no stack smashing, as the stack access has been optimized away. SSP is a hardening feature, not a debug feature, so it's not designed for finding bugs in the program. OTOH sanitizers are debugging features, and both ubsan and asan can detect this bug.
[Bug tree-optimization/112635] stack smash protection does not work when code is compiled with -O
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112635 Agostino Sarubbo changed: What|Removed |Added Status|UNCONFIRMED |RESOLVED Resolution|--- |INVALID --- Comment #3 from Agostino Sarubbo --- (In reply to Richard Biener from comment #1) > Yep, GCC fixes the code for you by eliding 'buf' With a tool like https://godbolt.org/ I now get what you mean, so I'm closing this as invalid by myself
[Bug tree-optimization/112635] stack smash protection does not work when code is compiled with -O
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112635 --- Comment #2 from Agostino Sarubbo --- (In reply to Richard Biener from comment #1) > Yep, GCC fixes the code for you by eliding 'buf'. That's perfectly OK though > since the code invokes undefined behavior. > > I'm inclined to close this as INVALID/WONTFIX, it isn't really a bug > (but also not a feature you can rely on of course). Thanks for the response. So the question is: to have a reliable ssp, do I have to use -O0 ?
[Bug tree-optimization/112635] stack smash protection does not work when code is compiled with -O
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112635 Richard Biener changed: What|Removed |Added Component|libgcc |tree-optimization --- Comment #1 from Richard Biener --- Yep, GCC fixes the code for you by eliding 'buf'. That's perfectly OK though since the code invokes undefined behavior. I'm inclined to close this as INVALID/WONTFIX, it isn't really a bug (but also not a feature you can rely on of course).