https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81400

Alexander Monakov <amonakov at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |amonakov at gcc dot gnu.org

--- Comment #6 from Alexander Monakov <amonakov at gcc dot gnu.org> ---
TLS canary is initialized by the libc; in Glibc sources you can grep for
THREAD_STACK_SET_GUARD.

In this example the leftmost byte of the SSP canary is overwritten by a zero.
This does not change the canary because Glibc deliberately zeroes that leftmost
byte (presumably, to harden against information-leak attacks when a string
function like strcpy can be used to copy the canary value in an
attacker-controlled manner):

https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/dl-osinfo.h;h=823cd8224df939134018fbd8f0227e9f501393ab;hb=HEAD#l63

So what is the GCC bug here? What do we want to change?
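As an added example (not code from the bug report or from glibc), a small C program that reimplements the hardening the comment describes, clearing the lowest-address byte of the guard, and measures how many guard bytes an unterminated string read past an adjacent buffer would expose; the "random" bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the random bytes the loader would supply. */
static const unsigned char sample_random[8] =
    {0x7a, 0x2c, 0x91, 0xd4, 0x05, 0xee, 0x48, 0xb3};

/* Build a stack-protector guard from sizeof(uintptr_t) random bytes. With
 * harden != 0 the byte at the lowest address is cleared, mirroring the
 * approach described above (this is a reimplementation, not glibc's code). */
uintptr_t make_guard(const unsigned char *random_bytes, int harden)
{
    union { uintptr_t num; unsigned char bytes[sizeof(uintptr_t)]; } g;
    memcpy(g.bytes, random_bytes, sizeof g.bytes);
    if (harden)
        g.bytes[0] = 0;   /* first byte a string read past the buffer meets */
    return g.num;
}

/* Byte of the guard at the lowest address, independent of endianness. */
unsigned char lowest_address_byte(uintptr_t guard)
{
    unsigned char b;
    memcpy(&b, &guard, 1);
    return b;
}

/* Model a frame as a flat byte array: an unterminated char buffer followed
 * directly by the guard. Returns how many guard bytes a strcpy/puts-style
 * read running off the buffer would copy before hitting a NUL byte. */
size_t guard_bytes_leaked(uintptr_t guard)
{
    enum { BUF = 8, G = sizeof(uintptr_t) };
    unsigned char frame[BUF + G];
    memset(frame, 'A', BUF);              /* buffer filled with no NUL */
    memcpy(frame + BUF, &guard, G);
    size_t n = 0;
    while (n < G && frame[BUF + n] != 0)  /* emulate the string read */
        n++;
    return n;
}

int main(void)
{
    uintptr_t hardened = make_guard(sample_random, 1);
    uintptr_t plain = make_guard(sample_random, 0);
    printf("lowest byte: 0x%02x, leaked with zero byte: %zu, without: %zu\n",
           lowest_address_byte(hardened), guard_bytes_leaked(hardened),
           guard_bytes_leaked(plain));
    return 0;
}
```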