https://gcc.gnu.org/bugzilla/show_bug.cgi?id=68065
Daniel Micay <danielmicay at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |danielmicay at gmail dot com
--- Comment #9 from Daniel Micay <danielmicay at gmail dot com> ---
> VLA also does not detect stack overflows either.
Stack overflows are detected with -fstack-check, or at least they would be if
the option worked properly: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66479
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65958
I've always found it quite bad that well-defined code with GCC can actually be
exploited (arbitrary write vulnerabilities) due to the fact that -fstack-check
is not enabled by default. MSVC++ and Clang on Windows guarantee that stack
overflows from well-defined code (large stack frames, VLAs) will be caught.
However, the switch seems to cause a significant performance hit for functions
where it triggers (which are rare but sometimes performance critical, a good
example is jemalloc's rbtree implementation which uses arrays rather than
recursion) and compatibility issues due to the way it's currently implemented:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67265/.
