From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23971 invoked by alias); 25 Mar 2019 18:56:52 -0000 Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-help-owner@gcc.gnu.org Received: (qmail 23686 invoked by uid 89); 25 Mar 2019 18:56:51 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=mandated, somewhere, online X-HELO: gate.crashing.org Received: from gate.crashing.org (HELO gate.crashing.org) (63.228.1.57) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 25 Mar 2019 18:56:50 +0000 Received: from gate.crashing.org (localhost.localdomain [127.0.0.1]) by gate.crashing.org (8.14.1/8.14.1) with ESMTP id x2PItThe027538; Mon, 25 Mar 2019 13:55:38 -0500 Received: (from segher@localhost) by gate.crashing.org (8.14.1/8.14.1/Submit) id x2PIsxmJ027447; Mon, 25 Mar 2019 13:54:59 -0500 Date: Mon, 25 Mar 2019 20:28:00 -0000 From: Segher Boessenkool To: Florian Weimer Cc: Xi Ruoyao , Jonny Grant , gcc-help Subject: Re: Recursive SIGSEGV question Message-ID: <20190325185454.GM3969@gate.crashing.org> References: <1255ee27-882f-ab4e-ea45-ba6f35791b45@jguk.org> <877ecuikq9.fsf@mid.deneb.enyo.de> <835d09ce-752a-c0f7-e5cf-210e855df2ab@jguk.org> <87ef6vkq8a.fsf@mid.deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87ef6vkq8a.fsf@mid.deneb.enyo.de> User-Agent: Mutt/1.4.2.3i X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00175.txt.bz2 On Mon, Mar 25, 2019 at 03:01:25PM +0100, Florian Weimer wrote: > * Xi Ruoyao: > > > On 2019-03-25 13:06 +0000, Jonny Grant wrote: > >> > >> I built & ran with the Sanitizer, it seems it's also stack overflow > >> within the operator new() > >> > >> I had thoughts GCC would generate code that monitored the stack size and > >> aborted with a clear message when the stack size was exceeded. Looked > >> online, and it doesn't seem to be the case. > > > > Impossible. We can't distinguish "stack overflow" with other segmentation > > faults. > > I think “impossible” is too strong. > > It would be possible to annotate implicit probes and explicit probes > generated by -fstack-clash-protection in DWARF, and use that > information to generate a more precise error message. > > Or we could set a bit on the guard page that instructs the kernel to > report an additional fault flag somewhere in siginfo_t. In fact, with > protection keys, we could do this today, without any kernel changes > whatsoever (but protection flags are not widely supported, > unfortunately). > > The second approach will have false positives, but as buffer overflows > tend to proceed towards higher addresses and stacks grow downward, > only really bogus pointers would be misreported (and once you have > those, all bets are off anyway). Another thing that could be done is looking if the instruction that faulted uses the (ABI or arch mandated) stack pointer. This will catch most common cases, for example most unbounded recursions. It isn't perfect of course but would be quite helpful normally, esp. if it said something like "this look like a stack overflow". Segher