7.130 --protect_stack, --no_protect_stack

Inserts a guard variable onto the stack frame for each vulnerable function.

The guard variable is inserted between any buffers and the return address entry.
A function is considered vulnerable if it contains a vulnerable array. A vulnerable array is one that has:
  • Automatic storage duration.
  • A character type (char or wchar_t).
In addition to inserting the guard variable and check, the compiler also moves vulnerable arrays to the top of the stack, immediately preceding the guard variable. The compiler stores a copy of the guard variable's value at another location, and uses the copy to check that the guard has not been overwritten, indicating a buffer overflow.

Usage

Use --protect_stack to enable the stack protection feature. Use --no_protect_stack to explicitly disable this feature. If both options are specified, the last option specified takes effect.
The --protect_stack_all option adds this protection to all functions regardless of their vulnerability.
With stack protection, when a vulnerable function is called, the initial value of its guard variable is taken from a global variable:
void *__stack_chk_guard;
You must provide this variable with a suitable value, such as a random value. The value can change during the life of the program. For example, a suitable implementation might be to have the value constantly changed by another thread. In addition, you must implement this function:
void __stack_chk_fail(void);
It is called by the checking code on detection of corruption of the guard. In general, such a function would exit, possibly after reporting a fault.

Examples

In the following function, the array buf is vulnerable and the function is protected when compiled with --protect_stack:
void copy(const char *p)
{
    char buf[4];
    strcpy(buf, p);
}

Default

The default is --no_protect_stack.
Non-ConfidentialPDF file icon PDF versionARM DUI0375E
Copyright © 2007, 2008, 2011, 2012, 2014 ARM. All rights reserved.