* problem with i686-w64-mingw32-gcc -fstack-protector-all
From: Lee @ 2017-10-03 18:26 UTC (permalink / raw)
To: cygwin
Maybe I'm just Doing It Wrong, but
  gcc -fstack-protector-all
seems to be working correctly &
  i686-w64-mingw32-gcc -fstack-protector-all
seems to be broken - eg:

$./ssp testtestx
Illegal instruction

printf's that happen before the stack over-write don't show up & no
"*** stack smashing detected ***" msg is printed before the "Illegal
instruction"

STC:
$cat doit
#!/bin/sh
LIB="-lssp"
set -x
cat main-ssp.c
cat func-ssp.c
i686-w64-mingw32-gcc -c -fstack-protector-all func-ssp.c -o func-ssp.o
i686-w64-mingw32-gcc -c -fstack-protector-all main-ssp.c -o main-ssp.o
i686-w64-mingw32-gcc -static -o ssp.exe func-ssp.o main-ssp.o $LIB
./ssp.exe testtestx
echo -e '\n\n'
gcc -c -fstack-protector-all func-ssp.c -o cyg-func-ssp.o
gcc -c -fstack-protector-all main-ssp.c -o cyg-main-ssp.o
gcc -static -o cyg-ssp.exe cyg-func-ssp.o cyg-main-ssp.o $LIB
./cyg-ssp.exe testtestx
$./doit
+ cat main-ssp.c
/* stack smashing protection
i686-w64-mingw32-gcc -c -fstack-protector-all -o func-ssp.o func-ssp.c
i686-w64-mingw32-gcc -c -fstack-protector-all -o main-ssp.o main-ssp.c
i686-w64-mingw32-gcc -o ssp.exe main-ssp.o func-ssp.o
./ssp testtestx
*** should die ***
*/
#include <stdio.h>
#include <string.h>

extern int doit(char *s );

int main(int argc, char *argv[])
{
  int status=0;

  printf("main: argv[1]=%s\n", argv[1] );
  status = doit(argv[1]);
  if ( status != 1 ) printf("OhNoes!! doit returned %d\n", status );
  printf("main: exit\n" );
  return 0;
}
+ cat func-ssp.c
/* stack smashing protection test */
#include <stdio.h>
#include <string.h>

extern
int doit(char *s ) {
  char buf[]="12345678";
  int i=0;

  if ( *s != '\0' ) i = 1; /* return true */
  printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
  strcpy(buf, s);
  /* buffer overflow into return status(int i) if strlen(s) > 8 */
  printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
  return i;
}
+ i686-w64-mingw32-gcc -c -fstack-protector-all func-ssp.c -o func-ssp.o
+ i686-w64-mingw32-gcc -c -fstack-protector-all main-ssp.c -o main-ssp.o
+ i686-w64-mingw32-gcc -static -o ssp.exe func-ssp.o main-ssp.o -lssp
+ ./ssp.exe testtestx
./doit: line 11: 9128 Illegal instruction ./ssp.exe testtestx
+ echo -e '\n\n'
+ gcc -c -fstack-protector-all func-ssp.c -o cyg-func-ssp.o
+ gcc -c -fstack-protector-all main-ssp.c -o cyg-main-ssp.o
+ gcc -static -o cyg-ssp.exe cyg-func-ssp.o cyg-main-ssp.o -lssp
+ ./cyg-ssp.exe testtestx
main: argv[1]=testtestx
doit: s="testtestx" buf="12345678" i=1
doit: s="testtestx" buf="testtestx" i=1
*** stack smashing detected ***: terminated
./doit: line 18: 2336 Illegal instruction (core dumped)
./cyg-ssp.exe testtestx
$
$ gcc --version
gcc (GCC) 6.4.0
Copyright (C) 2017 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ i686-w64-mingw32-gcc --version
i686-w64-mingw32-gcc (GCC) 6.3.0
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Thanks,
Lee
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
* Re: problem with i686-w64-mingw32-gcc -fstack-protector-all
From: Christian Franke @ 2017-10-04 19:18 UTC (permalink / raw)
To: cygwin
Lee wrote:
> Maybe I'm just Doing It Wrong, but
> gcc -fstack-protector-all
> seems to be working correctly &
> i686-w64-mingw32-gcc -fstack-protector-all
> seems to be broken - eg:
>
> $./ssp testtestx
> Illegal instruction
>
> printf's that happen before the stack over-write don't show up & no
> "*** stack smashing detected ***" msg is printed before the "Illegal
> instruction"
> ...
>
> extern
> int doit(char *s ) {
> char buf[]="12345678";
> int i=0;
> if ( *s != '\0' ) i = 1; /* return true */
> printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
> strcpy(buf, s);
> /* buffer overflow into return status(int i) if strlen(s) > 8 */
> printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
> return i;
> }
>
> + i686-w64-mingw32-gcc -c -fstack-protector-all func-ssp.c -o func-ssp.o
> + i686-w64-mingw32-gcc -c -fstack-protector-all main-ssp.c -o main-ssp.o
> + i686-w64-mingw32-gcc -static -o ssp.exe func-ssp.o main-ssp.o -lssp

BTW: There is no need to link with -lssp if the related code generation
option -fstack-protector* is also used during link.

> + ./ssp.exe testtestx
> ./doit: line 11: 9128 Illegal instruction ./ssp.exe testtestx
> + echo -e '\n\n'
>

The *** stack smashing detected *** message from MinGW runtime is only
visible if stdio is attached to a Windows console.

Works for me if one more overflow char is added:

Cygwin mintty:

$ ./ssp testtestx
main: argv[1]=testtestx
doit: s="testtestx" buf="12345678" i=1
doit: s="testtestx" buf="testtestx" i=1
main: exit

$ ./ssp testtestxx
Illegal instruction


Cygwin in Windows console (cygwin.bat):

$ ./ssp testtestxx
main: argv[1]=testtestxx
doit: s="testtestxx" buf="12345678" i=1
doit: s="testtestxx" buf="testtestxx" i=1
*** stack smashing detected ***: terminated
Illegal instruction


cmd.exe in Windows console:

C:\cygwin\tmp>.\ssp.exe testtestxx
main: argv[1]=testtestxx
doit: s="testtestxx" buf="12345678" i=1
doit: s="testtestxx" buf="testtestxx" i=1
*** stack smashing detected ***: terminated
[Windows Message Box: Debug/Abort Program ?]

Christian
* Re: problem with i686-w64-mingw32-gcc -fstack-protector-all
From: Lee @ 2017-10-05 5:41 UTC (permalink / raw)
To: cygwin
On 10/4/17, Christian Franke wrote:
> Lee wrote:
>> Maybe I'm just Doing It Wrong, but
>> gcc -fstack-protector-all
>> seems to be working correctly &
>> i686-w64-mingw32-gcc -fstack-protector-all
>> seems to be broken - eg:
>>
>> $./ssp testtestx
>> Illegal instruction
>>
>> printf's that happen before the stack over-write don't show up & no
>> "*** stack smashing detected ***" msg is printed before the "Illegal
>> instruction"
>> ...
>>
>> extern
>> int doit(char *s ) {
>> char buf[]="12345678";
>> int i=0;
>> if ( *s != '\0' ) i = 1; /* return true */
>> printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
>> strcpy(buf, s);
>> /* buffer overflow into return status(int i) if strlen(s) > 8 */
>> printf("doit: s=\"%s\" buf=\"%s\" i=%d\n", s, buf, i );
>> return i;
>> }
>>
>> + i686-w64-mingw32-gcc -c -fstack-protector-all func-ssp.c -o func-ssp.o
>> + i686-w64-mingw32-gcc -c -fstack-protector-all main-ssp.c -o main-ssp.o
>> + i686-w64-mingw32-gcc -static -o ssp.exe func-ssp.o main-ssp.o -lssp
>
> BTW: There is no need to link with -lssp if the related code generation
> option -fstack-protector* is also used during link.

Thanks for that!
I would have never guessed that a compile-time switch would have an
effect if all you're doing is linking.

>> + ./ssp.exe testtestx
>> ./doit: line 11: 9128 Illegal instruction ./ssp.exe testtestx
>> + echo -e '\n\n'
>>
>
> The *** stack smashing detected *** message from MinGW runtime is only
> visible if stdio is attached to a Windows console.

Yes!
But even after re-reading https://github.com/mintty/mintty/wiki/Tips &
https://github.com/mintty/mintty/issues/56 I'm still missing why _no_
output is displayed before the 'Illegal instruction' output line.
Without a stack overflow I see:
  $ ./ssp test
  main: argv[1]=test
  doit: s="test" buf="12345678" i=1
  doit: s="test" buf="test" i=1
  main: exit
so it seems like I should have gotten at least the first two lines of output.

> Works for me if one more overflow char is added:
>
> Cygwin mintty:
>
> $ ./ssp testtestx
> main: argv[1]=testtestx
> doit: s="testtestx" buf="12345678" i=1
> doit: s="testtestx" buf="testtestx" i=1
> main: exit
Interesting. I have Windows 10 & i686-w64-mingw32-gcc (GCC) 6.3.0 you?
> $ ./ssp testtestxx
> Illegal instruction
>
>
> Cygwin in Windows console (cygwin.bat):
>
> $ ./ssp testtestxx
> main: argv[1]=testtestxx
> doit: s="testtestxx" buf="12345678" i=1
> doit: s="testtestxx" buf="testtestxx" i=1
> *** stack smashing detected ***: terminated
> Illegal instruction
>
>
> cmd.exe in Windows console:
>
> C:\cygwin\tmp>.\ssp.exe testtestxx
> main: argv[1]=testtestxx
> doit: s="testtestxx" buf="12345678" i=1
> doit: s="testtestxx" buf="testtestxx" i=1
> *** stack smashing detected ***: terminated
> [Windows Message Box: Debug/Abort Program ?]

I get the same with the cygwin.bat console window; a straight dos
(cmd.exe) console window has a 10 second delay after
  *** stack smashing detected ***: terminated
is displayed before I get the
------------------------
ssp.exe has stopped working
A problem caused the program to stop working
correctly. Please close the program.
-> Close the program
------------------------
pop-up window

Anyway.. Thank you!! It's been driving me nuts trying to figure out
why all I get is 'Illegal instruction'

Lee
* Re: problem with i686-w64-mingw32-gcc -fstack-protector-all
From: Christian Franke @ 2017-10-08 12:59 UTC (permalink / raw)
To: cygwin
Lee wrote:
>
>>> + ./ssp.exe testtestx
>>> ./doit: line 11: 9128 Illegal instruction ./ssp.exe testtestx
>>> + echo -e '\n\n'
>>>
>> The *** stack smashing detected *** message from MinGW runtime is only
>> visible if stdio is attached to a Windows console.
> Yes!
> But even after re-reading https://github.com/mintty/mintty/wiki/Tips &
> https://github.com/mintty/mintty/issues/56 I'm still missing why _no_
> output is displayed before the 'Illegal instruction' output line.

Stdio streams are usually fully buffered if not attached to a
tty/console. Buffers are flushed on regular exit(), but not on abnormal
termination. Add fflush() calls to fix.

>> Works for me if one more overflow char is added:
>>
>> Cygwin mintty:
>>
>> $ ./ssp testtestx
>> main: argv[1]=testtestx
>> doit: s="testtestx" buf="12345678" i=1
>> doit: s="testtestx" buf="testtestx" i=1
>> main: exit
> Interesting. I have Windows 10 & i686-w64-mingw32-gcc (GCC) 6.3.0 you?
Same (Win10.0.15063 x64 German).
> ...
>
> Anyway.. Thank you!! It's been driving me nuts trying to figure out
> why all I get is 'Illegal instruction'

The 'Illegal instruction' is printed by the Cygwin shell because the
program fails with STATUS_ILLEGAL_INSTRUCTION which is mapped to SIGILL.
The libssp code[1] shows that the program is terminated with
__builtin_trap(). GCC then generates the x86 instruction UD2 ("defined"
as "undefined instruction" :-)

In the MinGW case, stack error messages are written to CONOUT$ or are
not written if no console is attached (Cygwin and others: /dev/tty or
syslog()).

Christian

[1]
https://gcc.gnu.org/viewcvs/gcc/trunk/libssp/ssp.c?revision=233253&view=markup
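
The buffering and __builtin_trap() behaviour explained in the last reply, as an added example that is not part of the thread and not code from libssp. It assumes a POSIX host with GCC or Clang; run_child and MSG are hypothetical names, and a stream opened on a pipe stands in for stdout when it is not attached to a tty/console.

```c
/* Added example: output written to a fully buffered stdio stream is lost
   when the process dies through __builtin_trap(), unless it was flushed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MSG "doit: about to overflow\n"   /* constructed sample output */

/* Fork a child that writes MSG to a stdio stream backed by a pipe (so not a
   tty), optionally flushes, then traps. Returns the number of bytes the
   parent read from the pipe; *sig receives the terminating signal (0 if none). */
static long run_child(int do_flush, int *sig)
{
    int fds[2], status = 0;
    char buf[128];
    long total = 0;
    ssize_t n;

    if (pipe(fds) != 0) return -1;
    fflush(NULL);                       /* no pending parent output in the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fds[0]);
        FILE *out = fdopen(fds[1], "w"); /* pipe-backed stream: fully buffered */
        if (!out) _exit(1);
        fputs(MSG, out);                /* stays in the stdio buffer for now */
        if (do_flush) fflush(out);      /* the fix suggested in the thread */
        __builtin_trap();               /* abnormal end: exit() never flushes */
    }
    close(fds[1]);
    while ((n = read(fds[0], buf, sizeof buf)) > 0) total += n;
    close(fds[0]);
    waitpid(pid, &status, 0);
    *sig = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    return total;
}

int main(void)
{
    int sig_lost = 0, sig_kept = 0;
    long lost = run_child(0, &sig_lost);
    long kept = run_child(1, &sig_kept);
    printf("no fflush: %ld bytes (signal %d); fflush: %ld bytes (signal %d)\n",
           lost, sig_lost, kept, sig_kept);
    return 0;
}
```

On x86 the reported signal is SIGILL, because the trap compiles to UD2; other architectures may report a different signal.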