From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 119954 invoked by alias); 25 Mar 2019 14:01:32 -0000 Mailing-List: contact gcc-help-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-help-owner@gcc.gnu.org Received: (qmail 119943 invoked by uid 89); 25 Mar 2019 14:01:31 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-3.5 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.1 spammy=somewhere, online X-HELO: albireo.enyo.de Received: from albireo.enyo.de (HELO albireo.enyo.de) (5.158.152.32) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 25 Mar 2019 14:01:29 +0000 Received: from [172.17.203.2] (helo=deneb.enyo.de) by albireo.enyo.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1h8QAH-00079S-TV; Mon, 25 Mar 2019 14:01:25 +0000 Received: from fw by deneb.enyo.de with local (Exim 4.92) (envelope-from ) id 1h8QAH-0002sT-QB; Mon, 25 Mar 2019 15:01:25 +0100 From: Florian Weimer To: Xi Ruoyao Cc: Jonny Grant , gcc-help Subject: Re: Recursive SIGSEGV question References: <1255ee27-882f-ab4e-ea45-ba6f35791b45@jguk.org> <877ecuikq9.fsf@mid.deneb.enyo.de> <835d09ce-752a-c0f7-e5cf-210e855df2ab@jguk.org> Date: Mon, 25 Mar 2019 15:47:00 -0000 In-Reply-To: (Xi Ruoyao's message of "Mon, 25 Mar 2019 21:55:56 +0800") Message-ID: <87ef6vkq8a.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00167.txt.bz2 * Xi Ruoyao: > On 2019-03-25 13:06 +0000, Jonny Grant wrote: >>=20 >> I built & ran with the Sanitizer, it seems it's also stack overflow=20 >> within the operator new() >>=20 >> I had thoughts GCC would generate code that monitored the stack size and= =20 >> aborted with a clear message when the stack size was exceeded. Looked=20 >> online, and it doesn't seem to be the case. > > Impossible. We can't distinguish "stack overflow" with other segmentation > faults. I think =E2=80=9Cimpossible=E2=80=9D is too strong. It would be possible to annotate implicit probes and explicit probes generated by -fstack-clash-protection in DWARF, and use that information to generate a more precise error message. Or we could set a bit on the guard page that instructs the kernel to report an additional fault flag somewhere in siginfo_t. In fact, with protection keys, we could do this today, without any kernel changes whatsoever (but protection flags are not widely supported, unfortunately). The second approach will have false positives, but as buffer overflows tend to proceed towards higher addresses and stacks grow downward, only really bogus pointers would be misreported (and once you have those, all bets are off anyway).