Hi LIU Hao,
I've borrowed the term 'canary' from the few documentation bits.
https://www.redhat.com/en/blog/security-technologies-stack-smashing-protection-stackguard
https://lwn.net/Articles/584225/
https://wiki.osdev.org/Stack_Smashing_Protector
But I used it too loosely.

The updated patch is below:

---

From 6ea065be6a832a8359b77c373521a0bcbbfa85d6 Mon Sep 17 00:00:00 2001
From: Igor Kostenko <work.ker...@gmail.com>
Date: Thu, 3 Jul 2025 19:02:20 +0200
Subject: [PATCH v2] crt/ssp: disable premature stack protection at canary init

Fix stack protection bootstrapping issue where the canary initialization
function itself triggers false positive stack overflow detection.

Changes in v2:
- Shorten init function definition
- Rewrite the description

Signed-off-by: Igor Kostenko <work.ker...@gmail.com>
---
 mingw-w64-crt/ssp/stack_chk_guard.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/mingw-w64-crt/ssp/stack_chk_guard.c b/mingw-w64-crt/ssp/stack_chk_guard.c
index 3ff22e020..be43d8c7e 100644
--- a/mingw-w64-crt/ssp/stack_chk_guard.c
+++ b/mingw-w64-crt/ssp/stack_chk_guard.c
@@ -10,7 +10,11 @@

 void *__stack_chk_guard;

-static void __cdecl __attribute__((__constructor__)) init(void)
+// This function requires `no_stack_protector` because it changes the
+// value of `__stack_chk_guard`, causing stack checks to fail before
+// returning from this function.
+__attribute__((__constructor__, __no_stack_protector__))
+static void __cdecl init(void)
 {
   unsigned int ui;
   if (__stack_chk_guard != 0)
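Review bot: The new comment above `init` says why the attribute is needed but not what happens on a compiler that lacks it; `no_stack_protector` exists only from GCC 11 and Clang 7 (as the thread notes) and unknown attributes are ignored with a warning, so an older compiler silently keeps `init` instrumented and the original startup failure comes back with no build error. Suggest extending the comment with the minimum versions, e.g. `// Requires GCC 11 / Clang 7; older compilers ignore the attribute.`, so the next person chasing an abort before main() finds the cause. The same comment also points at a second caveat: the check fails in every stack-protected frame that saved the old `__stack_chk_guard` and is still live when this constructor changes it, not only in `init` itself, so the startup code that invokes the constructors must likewise be built without stack protection.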
-- 
2.24.0.windows.2


Thu, 3 Jul 2025 at 16:40 LIU Hao <lh_mo...@126.com> wrote:

> On 2025-7-3 20:06, Igor Kostenko wrote:
> > Fix stack protection bootstrapping issue where the canary initialization
> > function itself triggers false positive stack overflow detection.
> >
> > Signed-off-by: Igor Kostenko <work.ker...@gmail.com>
> > ---
> >   mingw-w64-crt/ssp/stack_chk_guard.c | 6 +++++-
> >   1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/mingw-w64-crt/ssp/stack_chk_guard.c b/mingw-w64-crt/ssp/stack_chk_guard.c
> > index 3ff22e020..7e4a6c1a0 100644
> > --- a/mingw-w64-crt/ssp/stack_chk_guard.c
> > +++ b/mingw-w64-crt/ssp/stack_chk_guard.c
> > @@ -10,7 +10,11 @@
> >
> >   void *__stack_chk_guard;
> >
> > -static void __cdecl __attribute__((__constructor__)) init(void)
> > +// no_stack_protector attribute added bellow,
> > +// to disable stack protection checks even before the canary is
> initialized
>
> Would you please explain the exact meaning of 'canary'?
>
>
> > +// check will always fail at the end of this function
> > +// initial value (0) != initialzed value (rand or dedbeaf const)
>
> Here are two typos.
>
> While I understand the reason, this explanation doesn't seem so
> straightforward. What about:
>
>     // This function requires `no_stack_protector` because it changes the
>     // value of `__stack_chk_guard`, causing stack checks to fail before
>     // returning from this function.
>
>
> > +static void __cdecl __attribute__((__constructor__,
> no_stack_protector)) init(void)
> >   {
> >     unsigned int ui;
> >     if (__stack_chk_guard != 0)
>
> For consistency reasons I'd prefer this be
> `__attribute__((__constructor__, __no_stack_protector__))`.
> This line is too long now, so maybe we can have
>
>     __attribute__((__constructor__, __no_stack_protector__))
>     static void __cdecl init(void)
>
>
> The `no_stack_protector` was added in GCC 11 and Clang 7, but both have a
> convention of ignoring unknown attributes, so it's probably fine to leave
> out a check.
>
>
> --
> Best regards,
> LIU Hao
>

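The failure the patch fixes, as an added illustration that is not part of the patch or of the mingw-w64 CRT: a constructed C model of what the compiler's stack protector does around a function (copy the guard into the frame in the prologue, compare it on return in the epilogue). The names `model_guard`, `prologue`, `epilogue` and the `scenario_*` functions are hypothetical stand-ins for `__stack_chk_guard` and the compiler-generated code; the model returns a pass/fail flag instead of calling `__stack_chk_fail`. Scenarios 1 and 2 reproduce the v1 and v2 behaviour of `init`; scenario 3 goes beyond the patch and shows that a stack-protected caller still live across the constructor trips the same check; scenario 4 shows the check still catching a clobbered frame once the guard is set.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the stack protector. Hypothetical names standing in
 * for __stack_chk_guard and the compiler-generated prologue/epilogue. */
static uintptr_t model_guard = 0;      /* stands in for __stack_chk_guard */
static int model_failures = 0;         /* how often __stack_chk_fail would fire */

/* Prologue: an instrumented function copies the current guard into its frame. */
static uintptr_t prologue(void) { return model_guard; }

/* Epilogue: the saved copy is compared with the global; a mismatch is what the
 * compiler turns into a __stack_chk_fail() call. */
static bool epilogue(uintptr_t saved) {
    if (saved != model_guard) { model_failures++; return false; }
    return true;
}

/* init() as in v1: constructor body that is itself instrumented. */
static bool init_instrumented(uintptr_t new_guard) {
    uintptr_t saved = prologue();       /* saves 0, the not-yet-initialised guard */
    if (model_guard == 0) model_guard = new_guard;
    return epilogue(saved);             /* 0 != new_guard: reported as a smash */
}

/* init() as in v2: __no_stack_protector__ means no prologue/epilogue at all. */
static bool init_uninstrumented(uintptr_t new_guard) {
    if (model_guard == 0) model_guard = new_guard;
    return true;
}

/* Reset the model between scenarios. */
void model_reset(void) { model_guard = 0; model_failures = 0; }

int model_failure_count(void) { return model_failures; }

/* Scenario 1: v1 behaviour, the constructor trips its own epilogue check. */
bool scenario_v1_init_passes(void) {
    model_reset();
    return init_instrumented(0xdeadbeef);   /* constructed guard value */
}

/* Scenario 2: v2 behaviour, the constructor returns cleanly. */
bool scenario_v2_init_passes(void) {
    model_reset();
    return init_uninstrumented(0xdeadbeef);
}

/* Scenario 3 (beyond the patch): a stack-protected startup routine that is
 * still on the stack while it calls the fixed constructor saved the old guard
 * too, so it fails on its own return. */
bool scenario_protected_caller_passes(void) {
    model_reset();
    uintptr_t saved = prologue();           /* caller saved 0 */
    init_uninstrumented(0xdeadbeef);        /* guard changes underneath it */
    return epilogue(saved);                 /* false */
}

/* Scenario 4: once the guard is set, a frame whose saved copy has been
 * overwritten (modelled by flipping a bit) is caught as intended. */
bool scenario_corrupted_frame_passes(void) {
    model_reset();
    init_uninstrumented(0xdeadbeef);
    uintptr_t saved = prologue();
    saved ^= 1;                             /* model of an overflow clobbering the slot */
    return epilogue(saved);                 /* false, and model_failures counts it */
}

int main(void) {
    printf("v1 init passes:           %d\n", scenario_v1_init_passes());
    printf("v2 init passes:           %d\n", scenario_v2_init_passes());
    printf("protected caller passes:  %d\n", scenario_protected_caller_passes());
    printf("corrupted frame detected: %d\n", !scenario_corrupted_frame_passes());
    return 0;
}
```

Scenario 3 is why the attribute on `init` alone is only half of the picture: whatever startup code runs the constructors must not carry a guard-protected frame across the call, or it fails for the same reason `init` did in v1.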
_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
