https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81383
Bug ID: 81383
Summary: -fstack-protector doesn't work well
Product: gcc
Version: 8.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libgcc
Assignee: unassigned at gcc dot gnu.org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---

[hjl@gnu-6 tmp]$ cat ssp-1.c
#ifndef LOOP
#define LOOP 400
#endif

int main (void)
{
  int i = 0;
  char foo[30];

  /* Overflow buffer.  */
  for (i = 0; i < LOOP; i++)
    foo[i] = 42;

  return 1; /* fail */
}
[hjl@gnu-6 tmp]$ gcc ssp-1.c -g -fstack-protector
[hjl@gnu-6 tmp]$ ./a.out
Segmentation fault
[hjl@gnu-6 tmp]$ gdb a.out
GNU gdb (GDB) Fedora 8.0-13.0.fc25
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from a.out...done.
(gdb) r
Starting program: /tmp/a.out
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.24-9.0.fc25.x86_64

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a4912d in getenv () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7a4912d in getenv () from /lib64/libc.so.6
#1  0x00007ffff7a8847d in __libc_message () from /lib64/libc.so.6
#2  0x00007ffff7b2a387 in __fortify_fail () from /lib64/libc.so.6
#3  0x00007ffff7b2a350 in __stack_chk_fail () from /lib64/libc.so.6
#4  0x000000000040057d in main () at ssp-1.c:15
(gdb) q
A debugging session is active.

	Inferior 1 [process 23361] will be killed.

Quit anyway? (y or n) y
[hjl@gnu-6 tmp]$ gcc ssp-1.c -g -fstack-protector -DLOOP=50
[hjl@gnu-6 tmp]$ ./a.out
*** stack smashing detected ***: ./a.out terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x796eb)[0x7f6725a696eb]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f6725b0b387]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f6725b0b350]
./a.out[0x40057a]
/lib64/libc.so.6(__libc_start_main+0xf1)[0x7f6725a10931]
./a.out[0x40045a]
======= Memory map: ========
00400000-00401000 r-xp 00000000 08:02 787116                             /tmp/a.out
00600000-00601000 r--p 00000000 08:02 787116                             /tmp/a.out
00601000-00602000 rw-p 00001000 08:02 787116                             /tmp/a.out
00ca3000-00cc4000 rw-p 00000000 00:00 0                                  [heap]
7f67257d9000-7f67257ef000 r-xp 00000000 08:02 148033                     /usr/lib64/libgcc_s-6.3.1-20170216.so.1
7f67257ef000-7f67259ee000 ---p 00016000 08:02 148033                     /usr/lib64/libgcc_s-6.3.1-20170216.so.1
7f67259ee000-7f67259ef000 r--p 00015000 08:02 148033                     /usr/lib64/libgcc_s-6.3.1-20170216.so.1
7f67259ef000-7f67259f0000 rw-p 00016000 08:02 148033                     /usr/lib64/libgcc_s-6.3.1-20170216.so.1
7f67259f0000-7f6725baf000 r-xp 00000000 08:02 135671                     /usr/lib64/libc-2.24.so
7f6725baf000-7f6725dae000 ---p 001bf000 08:02 135671                     /usr/lib64/libc-2.24.so
7f6725dae000-7f6725db2000 r--p 001be000 08:02 135671                     /usr/lib64/libc-2.24.so
7f6725db2000-7f6725db4000 rw-p 001c2000 08:02 135671                     /usr/lib64/libc-2.24.so
7f6725db4000-7f6725db8000 rw-p 00000000 00:00 0
7f6725db8000-7f6725dde000 r-xp 00000000 08:02 134046                     /usr/lib64/ld-2.24.so
7f6725faa000-7f6725fac000 rw-p 00000000 00:00 0
7f6725fda000-7f6725fdd000 rw-p 00000000 00:00 0
7f6725fdd000-7f6725fde000 r--p 00025000 08:02 134046                     /usr/lib64/ld-2.24.so
7f6725fde000-7f6725fdf000 rw-p 00026000 08:02 134046                     /usr/lib64/ld-2.24.so
7f6725fdf000-7f6725fe0000 rw-p 00000000 00:00 0
7ffd73573000-7ffd73594000 rw-p 00000000 00:00 0                          [stack]
7ffd735d9000-7ffd735db000 r--p 00000000 00:00 0                          [vvar]
7ffd735db000-7ffd735dd000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Aborted
[hjl@gnu-6 tmp]$
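Crash-triage logic for the two outcomes shown in this report, as an added example that is not the reporter's code or part of GCC or glibc: with LOOP=50 the canary check aborts through glibc's normal "stack smashing detected" path, but with LOOP=400 the failure path itself faults in getenv() before printing anything, so a bare SIGSEGV whose backtrace contains __stack_chk_fail should still be counted as a stack-protector hit rather than an ordinary crash. The sample inputs are copied from the session above; the function names and the four result labels are my own.

```python
import re

# Constructed from the two runs in the report: a gdb session where the SSP
# failure path itself faulted, and glibc's normal "stack smashing" abort.
GDB_SEGV = """Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7a4912d in getenv () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7a4912d in getenv () from /lib64/libc.so.6
#1  0x00007ffff7a8847d in __libc_message () from /lib64/libc.so.6
#2  0x00007ffff7b2a387 in __fortify_fail () from /lib64/libc.so.6
#3  0x00007ffff7b2a350 in __stack_chk_fail () from /lib64/libc.so.6
#4  0x000000000040057d in main () at ssp-1.c:15
"""
GLIBC_ABORT = """*** stack smashing detected ***: ./a.out terminated
======= Backtrace: =========
/lib64/libc.so.6(+0x796eb)[0x7f6725a696eb]
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f6725b0b387]
/lib64/libc.so.6(__fortify_fail+0x0)[0x7f6725b0b350]
./a.out[0x40057a]
Aborted
"""

SSP_FRAMES = {"__stack_chk_fail", "__fortify_fail"}
# gdb "bt" lines ("#N  0xADDR in func () ...") and glibc backtrace lines
# ("lib(func+0xOFF)[0xADDR]"); glibc lines without a symbol are skipped.
GDB_FRAME = re.compile(r"^#\d+\s+0x[0-9a-f]+ in (\w+) \(\)", re.M)
GLIBC_FRAME = re.compile(r"^\S+\((\w+)\+0x[0-9a-f]+\)\[0x[0-9a-f]+\]$", re.M)

def frames(text):
    """Function names, innermost first, from gdb or glibc backtrace output."""
    return GDB_FRAME.findall(text) + GLIBC_FRAME.findall(text)

def fault_site(text):
    """Innermost frame of the report, or None if no frame was parsed."""
    fs = frames(text)
    return fs[0] if fs else None

def classify_crash(text):
    """Classify a crash report by stack-protector involvement:
    'ssp_abort'           canary check failed, glibc completed its fatal path
    'ssp_handler_crashed' canary check failed, but the fatal path faulted
                          before reporting (no "stack smashing" message)
    'segfault'            crash with no stack-protector frame in the trace
    'none'                no crash signature found
    """
    ssp_hit = bool(SSP_FRAMES & set(frames(text)))
    if "*** stack smashing detected ***" in text:
        return "ssp_abort"
    if "SIGSEGV" in text or "Segmentation fault" in text:
        return "ssp_handler_crashed" if ssp_hit else "segfault"
    return "none"
```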