https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81400

--- Comment #3 from Chris Severance <gccbugzilla.severach at spamgourmet dot com> ---
Unless there's a security reason, 0 should never be used as a canary value.
Errant \0 should be caught 100% of the time. When I built malloc canaries for
NPPTextFX I expressly avoided \0.

data[SMASH_ALIGN]='f' should be caught by bounds checking or a shadow stack,
not ssp. It doesn't overwrite any canaries. It only writes to icanary which is
my canary, not a gcc canary. The only time it should be caught by ssp is when
icanary is disabled and it overwrites CNRY at the top of the stack.

For debug builds canaries should be placed between every stack variable and in
the unused space of aligned but undersized variables. Is there such an option?
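The point made in the comment above about zero bytes in canaries, as an added, self-contained C illustration (not code from the bug report, from GCC's SSP, or from NPPTextFX): a constructed frame places an 8-byte canary directly after an 8-byte buffer, an off-by-one NUL terminator write lands on the canary's first byte, and the check shows that a canary whose first byte is already 0x00 cannot see that write while a canary with no zero byte catches it. The struct layout, the sample canary values and the function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 8
#define CANARY_LEN 8

/* Constructed frame layout (not GCC's): a fixed buffer followed directly by a
   canary, the way a user-level canary sits next to a protected array. */
struct frame {
    char data[BUF_LEN];
    unsigned char canary[CANARY_LEN];
};

/* Canary policy check from the comment: a canary must contain no 0x00 byte,
   otherwise an errant NUL landing on that byte leaves the canary unchanged. */
int has_zero_byte(const unsigned char *c, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (c[i] == 0)
            return 1;
    return 0;
}

/* Simulates the classic off-by-one: the NUL terminator of an exactly
   BUF_LEN-character string is written one byte past the buffer, which in
   this layout is the first byte of the canary. Only that one byte is touched. */
static void write_errant_nul(struct frame *f)
{
    memset(f->data, 'A', BUF_LEN);
    ((unsigned char *)f)[offsetof(struct frame, canary)] = '\0';
}

/* Returns 1 if the NUL write is detected by comparing the canary against its
   reference copy, 0 if the corruption slips through unnoticed. */
int detects_errant_nul(const unsigned char reference[CANARY_LEN])
{
    struct frame f;
    memcpy(f.canary, reference, CANARY_LEN);
    write_errant_nul(&f);
    return memcmp(f.canary, reference, CANARY_LEN) != 0;
}

/* Constructed sample canaries (fixed here for reproducibility; a real one is
   drawn from a CSPRNG at process start). The first has a zero byte exactly
   where the errant NUL lands; the second contains no zero byte at all. */
const unsigned char CANARY_WITH_NUL[CANARY_LEN] =
    {0x00, 0x5a, 0x13, 0xc7, 0x9e, 0x21, 0x84, 0xf0};
const unsigned char CANARY_NO_NUL[CANARY_LEN] =
    {0x6b, 0x5a, 0x13, 0xc7, 0x9e, 0x21, 0x84, 0xf0};

int main(void)
{
    /* Expected: 0 (missed), 1 (caught), 1 (policy rejects the first canary). */
    printf("zero-byte canary, NUL write detected: %d\n",
           detects_errant_nul(CANARY_WITH_NUL));
    printf("no-zero canary,   NUL write detected: %d\n",
           detects_errant_nul(CANARY_NO_NUL));
    printf("has_zero_byte(CANARY_WITH_NUL) = %d\n",
           has_zero_byte(CANARY_WITH_NUL, CANARY_LEN));
    return 0;
}
```

The trade-off the comment alludes to with "unless there's a security reason" is real: a canary that deliberately keeps a 0x00 byte at its lowest address (as glibc's stack guard does) stops string-copy overflows at that byte, at the cost of exactly the blind spot this example shows, where a single stray terminator is not detected. A debug-build canary that exists to catch off-by-one bugs, as described above, wants the opposite choice, which is what `has_zero_byte` enforces.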
