https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112635
Xi Ruoyao <xry111 at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |xry111 at gcc dot gnu.org

--- Comment #4 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
(In reply to Agostino Sarubbo from comment #2)
> (In reply to Richard Biener from comment #1)
> > Yep, GCC fixes the code for you by eliding 'buf'. That's perfectly OK
> > though since the code invokes undefined behavior.
> >
> > I'm inclined to close this as INVALID/WONTFIX, it isn't really a bug
> > (but also not a feature you can rely on of course).
>
> Thanks for the response.
>
> So the question is: to have a reliable ssp, do I have to use -O0 ?

The SSP is reliable in this case because there is no stack smashing, as the
stack access has been optimized away.

SSP is a hardening feature, not a debug feature, so it's not designed for
finding bugs in the program. OTOH sanitizers are debugging features, and both
ubsan and asan can detect this bug.