The guard variable is inserted between any buffers and the return address entry.
A function is considered vulnerable if it contains a vulnerable array. A vulnerable array
is one that has:
In addition to inserting the guard variable and check, the compiler also moves vulnerable
arrays to the top of the stack, immediately preceding the guard variable. The compiler
stores a copy of the guard variable's value at another location, and uses the copy to check
that the guard has not been overwritten, indicating a buffer overflow.
--protect_stack to enable the stack protection feature. Use
--no_protect_stack to explicitly disable this feature. If both options
are specified, the last option specified takes effect.
--protect_stack_all option adds this protection to all functions
regardless of their vulnerability.
With stack protection, when a vulnerable function is called, the initial value of its guard
variable is taken from a global variable:
You must provide this variable with a suitable value, such as a random value. The value can
change during the life of the program. For example, a suitable implementation might be to
have the value constantly changed by another thread. In addition, you must implement this
It is called by the checking code on detection of corruption of the guard. In general, such
a function would exit, possibly after reporting a fault.
For consistency with GNU tools, the option
-fstack-protector is treated identically to
--protect-stack. Similarly, the
-fstack-protector-all option is
treated identically to
In the following function, the array
buf is vulnerable and the function is
protected when compiled with
void copy(const char *p)