I've posted this to the mailing list and figured I might as well post a bug report to accompany it.

It's not so much a bug as a missing feature that gcc3 had. Basically, gcc v3 placed padding between the end of local variables and the saved frame pointer or other control information, and gcc4 no longer does that, making an off-by-one much more dangerous again (as in gcc v2). Since a lot of security-minded things are now included with default gcc and some are default compile options, this is probably an unintended effect of code rewrites. Here's a link to my post that describes it in full: http://gcc.gnu.org/ml/gcc/2007-01/msg00993.html

Again, in:

    int main(void)
    {
        char buf[512];
        /* buf[512] is the byte just past the end of the array */
    }

buf[512] is the LSB of the saved frame pointer or other control information (like %ecx in the new main function). On gcc3, buf[512] would have just been extra space, making an extra NULL byte not as security-critical. The "-mpreferred-stack-boundary" option should be used when padding is not desired, I think. I'm really unqualified though. Good luck, and I appreciate the strides towards security.

--
Summary: GCC4 reduces local variable padding, making off-by-one vulnerabilities once again critical
Product: gcc
Version: 4.0.1
Status: UNCONFIRMED
Severity: minor
Priority: P3
Component: c
AssignedTo: unassigned at gcc dot gnu dot org
ReportedBy: defend dot the dot world at gmail dot com
GCC build triplet: gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)
GCC host triplet: linux 32-bit x86
GCC target triplet: linux 32-bit x86
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30587
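The following is an added example, not code from the report or from GCC. It does two things the report only describes in words: it models the two frame layouts as a plain byte array (a 512-byte buffer, an optional slack gap, then the saved frame pointer) and shows that a strcpy-style copy of a 512-character string puts its terminating NUL on the low byte of the saved frame pointer when there is no gap, and harmlessly into slack when there is one; and it probes the layout the compiler actually produces for such a function using __builtin_frame_address(0). The 16-byte gap used for the "gcc3" case, the 0xbffff5a8 sample pointer value and the function names are assumptions for illustration; the report does not give the size of the gap gcc3 left.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 512
#define MAX_PAD  64

/* Constructed model of the frame the report describes: a 512-byte local
 * buffer, `pad` bytes of slack, then the saved frame pointer. pad == 0 models
 * the gcc4 layout from the report; a non-zero pad models the gcc3 gap (the
 * report does not give its size, so the 16 used by main() below is an
 * assumption). The layout is a plain byte array, not the compiler's real
 * frame. Returns the saved frame pointer value after a strcpy-style copy of a
 * 512-character string, which writes indexes 0..512, one past the buffer. */
uintptr_t saved_fp_after_off_by_one(size_t pad, uintptr_t fp_before)
{
    unsigned char frame[BUF_SIZE + MAX_PAD + sizeof(uintptr_t)];
    uintptr_t fp_after;
    size_t i;

    if (pad > MAX_PAD)
        pad = MAX_PAD;
    memset(frame, 0xCC, sizeof frame);
    memcpy(frame + BUF_SIZE + pad, &fp_before, sizeof fp_before);

    /* The off-by-one: BUF_SIZE characters plus the terminating NUL. */
    for (i = 0; i < BUF_SIZE; i++)
        frame[i] = 'A';
    frame[BUF_SIZE] = '\0';  /* slack if pad > 0, first byte of the saved fp if pad == 0 */

    memcpy(&fp_after, frame + BUF_SIZE + pad, sizeof fp_after);
    return fp_after;
}

/* 1 on a little-endian host, where the stray NUL lands on the low byte of the
 * saved frame pointer (the "LSB" the report mentions); 0 otherwise. */
int host_is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Probe of the running compiler's actual layout: bytes between the end of a
 * 512-byte local and the slot __builtin_frame_address(0) points at, which on
 * x86 holds the saved frame pointer. 0 means buf[512] is the first byte of
 * control data, as the report observes for gcc4. The value depends on the
 * compiler and its flags, so it is reported rather than asserted; a negative
 * value means the buffer was not placed directly below the frame pointer. */
__attribute__((noinline)) ptrdiff_t gap_to_saved_fp(void)
{
    volatile char buf[BUF_SIZE];
    buf[0] = 0;  /* keep the buffer in the frame */
    return (char *)__builtin_frame_address(0) - (char *)(buf + BUF_SIZE);
}

int main(void)
{
    uintptr_t fp = (uintptr_t)0xbffff5a8u;  /* constructed sample value */

    printf("model, no padding : saved fp 0x%lx -> 0x%lx\n",
           (unsigned long)fp, (unsigned long)saved_fp_after_off_by_one(0, fp));
    printf("model, 16-byte pad: saved fp 0x%lx -> 0x%lx\n",
           (unsigned long)fp, (unsigned long)saved_fp_after_off_by_one(16, fp));
    printf("this compiler: %td byte(s) between buf[512] and the saved frame pointer\n",
           gap_to_saved_fp());
    return 0;
}
```

The model is deterministic and shows the mechanism: with no gap the single NUL turns 0xbffff5a8 into 0xbffff500 on a little-endian machine, which is exactly the kind of partial pointer overwrite that made gcc2-era off-by-ones exploitable; with a gap the saved value is untouched. The probe is the check a practitioner would run on their own toolchain, once with and once without the optimisation and stack-alignment flags they actually ship with, since the gap it reports is whatever the compiler chose for that build.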
It's not as much of a bug as it a missing feature that gcc3 had. Basically gcc v3 placed padding between the end of local variables and the saved frame pointer or other control information and gcc4 no longer does that, making an off-by-one much more dangerous again (as in gcc v2). Since a lot of security minded things are now included with default gcc and some are default compile options, this is probably an unintended effect of code rewrites. Here's a link to my post that describes it in full: http://gcc.gnu.org/ml/gcc/2007-01/msg00993.html Again: in main(){ char buf[512]; } buf[512] is the LSB of the saved frame pointer or other control information (like %ecx in the new main function). On a gcc3 buf[512] would have just been extra space, making an extra NULL byte not as security-critical. The "-mpreferred-stack-boundary" option should be used when padding is not desired i think. I'm really unqualified though. Good luck, and I appreciate the strides towards security. -- Summary: GCC4 reduces local variable padding, making off-by-one vulnerabilities once again critical Product: gcc Version: 4.0.1 Status: UNCONFIRMED Severity: minor Priority: P3 Component: c AssignedTo: unassigned at gcc dot gnu dot org ReportedBy: defend dot the dot world at gmail dot com GCC build triplet: gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5) GCC host triplet: linux 32-bit x86 GCC target triplet: linux 32-bit x86 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30587