This repository has been archived by the owner on Jun 1, 2023. It is now read-only.

Add -fstack-check #297

Open
rurban opened this issue Jun 20, 2017 · 0 comments

rurban commented Jun 20, 2017

See https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt for why.
It adds a NULL byte every 4KB (page) when growing the stack, i.e. many or big local vars, varargs or alloca. https://gcc.gnu.org/onlinedocs/gccint/Stack-Checking.html
We don't yet use alloca, but if so check the sign and range of the arg. Check all recursion depths. cperl fixed a regcomp recursion overflow #293 just last week, which is still present in perl5.26. perl5 upstream has a lot of these.

Benchmarks: On Linux the slowdown is significant, 4-7%; on darwin < 1%.
But on Linux/BSD/Solaris it should be recommended. Linux 32-bit >2.6 being the worst. Windows is safe.
Exploiting exim on Debian 32-bit was trivial, and the BSDs are totally unprotected.

Compilers: gcc has it since at least 2.95.3 according to the docs, clang only since 3.6.
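
The two source-level checks mentioned in the issue (sign and range of an alloca argument, and a recursion depth limit) as an added example; this is not cperl code. `reverse_bytes`, `nesting_depth`, `MAX_ALLOCA` and `MAX_DEPTH` are hypothetical names and limits chosen for illustration.

```c
#include <alloca.h>  /* glibc; the BSDs declare alloca in <stdlib.h> */
#include <stdlib.h>
#include <string.h>

#define MAX_ALLOCA 1024  /* assumed cap, well under one 4KB page */
#define MAX_DEPTH  256   /* assumed recursion limit */

/* Reverse len bytes of src into out. len is signed on purpose: a negative
 * value converted to size_t would ask alloca for a huge block, so it is
 * rejected first. Returns 0 on success, -1 on bad length or out of memory. */
int reverse_bytes(const char *src, long len, char *out)
{
    char *tmp;
    long i;

    if (len < 0) return -1;              /* sign check */
    if (len <= MAX_ALLOCA)               /* range check: small goes on stack */
        tmp = alloca((size_t)len);
    else if ((tmp = malloc((size_t)len)) == NULL)
        return -1;                       /* large goes on heap */
    memcpy(tmp, src, (size_t)len);
    for (i = 0; i < len; i++) out[i] = tmp[len - 1 - i];
    if (len > MAX_ALLOCA) free(tmp);
    return 0;
}

/* Recursive descent over nested '(' groups. depth is passed down and
 * checked on entry, so hostile input cannot drive unbounded recursion. */
static int group_depth(const char *s, size_t *pos, int depth)
{
    int max = depth, d;
    if (depth > MAX_DEPTH) return -1;    /* recursion depth check */
    while (s[*pos] != '\0' && s[*pos] != ')') {
        if (s[*pos] == '(') {
            (*pos)++;
            d = group_depth(s, pos, depth + 1);
            if (d < 0 || s[*pos] != ')') return -1;
            if (d > max) max = d;
        }
        (*pos)++;
    }
    return max;
}

/* Maximum nesting depth of s, or -1 if unbalanced or deeper than MAX_DEPTH. */
int nesting_depth(const char *s)
{
    size_t pos = 0;
    int d = group_depth(s, &pos, 0);
    return (d < 0 || s[pos] != '\0') ? -1 : d;
}
```
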
