public inbox for gcc-bugs@sourceware.org
* [Bug c/59750] New: stack protector does not catch 1 byte overwrite of char[10] array
@ 2014-01-10  9:38 martin at netbsd dot org
  2014-01-10 10:32 ` [Bug c/59750] " jakub at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: martin at netbsd dot org @ 2014-01-10  9:38 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59750

            Bug ID: 59750
           Summary: stack protector does not catch 1 byte overwrite of
                    char[10] array
           Product: gcc
           Version: 4.8.2
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: martin at netbsd dot org

This test program correctly dies when compiled with gcc 4.5.4:

#include <string.h>
int main(int argc, char **argv)
{
        char b[10];
        strcpy(b, "1");
        /* "1" + "012345678" + NUL = 11 bytes into a 10-byte buffer: a 1 byte overflow */
        strcat(b, "012345678");
        return 0;
}

but when compiled with gcc 4.8.2 it does not cause an abort on sparc64:

$ /usr/pkg/gcc48/bin/cc -fstack-protector -O0 test.c
$ ./a.out
$

Using a few more chars ("0123456789ABCDE") in the strcat makes SSP catch it.

$ /usr/pkg/gcc48/bin/cc -v
Using built-in specs.
COLLECT_GCC=/usr/pkg/gcc48/bin/cc
COLLECT_LTO_WRAPPER=/usr/pkg/gcc48/libexec/gcc/sparc64--netbsd/4.8.2/lto-wrapper
Target: sparc64--netbsd
Configured with: ../gcc-4.8.2/configure --enable-languages='c c++'
--enable-shared --enable-long-long --with-local-prefix=/usr/pkg/gcc48
--enable-libssp --enable-threads=posix --with-boot-ldflags='-static-libstdc++
-static-libgcc -Wl,-R/usr/pkg/lib ' --with-gnu-ld --with-ld=/usr/bin/ld
--with-gnu-as --with-as=/usr/bin/as --disable-nls --with-gmp=/usr/pkg
--with-mpc=/usr/pkg --with-mpfr=/usr/pkg --enable-__cxa_atexit
--with-gxx-include-dir=/usr/pkg/gcc48/include/c++/ --prefix=/usr/pkg/gcc48
--build=sparc64--netbsd --host=sparc64--netbsd --infodir=/usr/pkg/gcc48/info
--mandir=/usr/pkg/gcc48/man
Thread model: posix
gcc version 4.8.2 (GCC)



* [Bug c/59750] stack protector does not catch 1 byte overwrite of char[10] array
  2014-01-10  9:38 [Bug c/59750] New: stack protector does not catch 1 byte overwrite of char[10] array martin at netbsd dot org
@ 2014-01-10 10:32 ` jakub at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: jakub at gcc dot gnu.org @ 2014-01-10 10:32 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59750

Jakub Jelinek <jakub at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
                 CC|                            |jakub at gcc dot gnu.org
         Resolution|---                         |INVALID

--- Comment #1 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
Why do you think this should be caught? That is not what -fstack-protector is
meant to protect. After a 10 bytes long buffer there is likely to be padding, so
a 1 byte overflow is unlikely to clobber the stack canary. SSP is only about
preventing the overwriting of the function return address and caller's stack frames.
Use -D_FORTIFY_SOURCE=2, -fsanitize=address, -fmudflap etc. if you want this to
be caught.
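The mechanism Jakub describes (a small overflow landing in alignment padding rather than in the guard word, while the object-size check of _FORTIFY_SOURCE refuses the write) can be reproduced without touching a real stack frame. The program below is an added example, not part of the bug report or of GCC; it models the frame as a struct with an assumed six bytes of padding between the 10-byte buffer and the guard (the real padding depends on target, ABI and optimisation level), and models the fortified strcat with a hypothetical checked_strcat() that takes the destination's known size the way __strcat_chk does. The byte counts match the report: 11 bytes for "1" + "012345678" + NUL, 17 bytes for "1" + "0123456789ABCDE" + NUL.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the frame the reporter's main() gets: the 10-byte
 * buffer rounded up to a 16-byte boundary, then the SSP guard, then the
 * saved return address the guard is there to protect. The six bytes of
 * padding are an assumption for the demo, not a fact from the report. */
struct model_frame {
    char      b[10];
    char      pad[6];      /* alignment padding silently absorbs small overflows */
    uintptr_t canary;      /* stands in for the stack-protector guard word */
    uintptr_t saved_ret;   /* what -fstack-protector actually defends */
};

#define CANARY_VALUE ((uintptr_t)0x5A5A5A5A5A5A5A5AULL)

/* Writes `len` bytes starting at b[0], as the unchecked strcpy/strcat in the
 * report would, and reports whether the epilogue canary check would fire.
 * The write stays inside the struct so the demo itself is well defined.
 * Returns 1 if the canary was clobbered, 0 if the overflow went unnoticed,
 * -1 if `len` would leave the modelled frame entirely. */
int canary_detects(size_t len) {
    struct model_frame fr;
    unsigned char *base = (unsigned char *)&fr;
    unsigned char src[sizeof fr];
    if (len > sizeof fr) return -1;
    memset(&fr, 0, sizeof fr);
    fr.canary = CANARY_VALUE;
    memset(src, 'A', sizeof src);
    memcpy(base + offsetof(struct model_frame, b), src, len);
    return fr.canary != CANARY_VALUE;
}

/* Bounded strlen so the demo does not depend on POSIX strnlen being declared. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    return n;
}

/* Model of what -D_FORTIFY_SOURCE=2 turns strcat into: the compiler passes the
 * known size of dst and the copy refuses to exceed it. Returns true on success,
 * false where the real __strcat_chk would call __chk_fail and abort. */
bool checked_strcat(char *dst, size_t dst_size, const char *src) {
    size_t used = bounded_len(dst, dst_size);
    size_t need = strlen(src);
    if (used == dst_size || need > dst_size - used - 1)
        return false;
    memcpy(dst + used, src, need + 1);
    return true;
}

/* Runs the reporter's exact sequence with the checked copy; returns 1 when the
 * strcat of `tail` is refused as an overflow, 0 when it fits. */
int reporter_case_caught(const char *tail) {
    char b[10];
    strcpy(b, "1");
    return !checked_strcat(b, sizeof b, tail);
}

int main(void) {
    printf("11-byte write (1 past end), canary clobbered: %d\n", canary_detects(11));
    printf("17-byte write (7 past end), canary clobbered: %d\n", canary_detects(17));
    printf("checked strcat of \"012345678\" caught: %d\n",
           reporter_case_caught("012345678"));
    printf("checked strcat of \"01234567\" caught: %d\n",
           reporter_case_caught("01234567"));
    return 0;
}
```

The two checks fail for different reasons and that is the point of the reply: the canary only notices writes that travel far enough to reach it, whereas the object-size check fires on the first byte past the buffer regardless of what lies beyond it. A real -fsanitize=address build goes further still and red-zones every stack object, which is why it catches the report's 1 byte case at -O0 where _FORTIFY_SOURCE (which needs optimisation to know the object size) may not.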


