mirror of
https://github.com/RGBCube/serenity
synced 2025-05-28 11:25:09 +00:00
06da50afc7
Modify the user mode runtime to insert stack canaries to find stack corruptions.
The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.
Details:
-fstack-protector enables stack protection for vulnerable functions that contain:
* A character array larger than 8 bytes.
* An 8-bit integer array larger than 8 bytes.
* A call to alloca() with either a variable size or a constant size bigger than 8 bytes.
-fstack-protector-strong enables stack protection for vulnerable functions that contain:
* An array of any size and type.
* A call to alloca().
* A local variable that has its address taken.
Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
|
||
|---|---|---|
| .. | ||
| accuracy-strtod.cpp | ||
| CMakeLists.txt | ||
| exec-should-not-search-current-directory.cpp | ||
| memmem-tests.cpp | ||
| qsort-sorts-and-copies.cpp | ||
| snprintf-correctness.cpp | ||
| stack-smash.cpp | ||
| strlcpy-correctness.cpp | ||