On Thursday 25 January 2007 01:22, In Cognito wrote:
> Hello,
>
> It's nice to see a more security-minded release of gcc with v4.
> Variables are moved around to reduce chances for exploitation,
> -fstack-protector, etc. Great!
>
> Why are local variables once-again adjacent to the saved frame pointer
> though? gcc v 2 called and wants one of its "features" back.
>
> func(char *b){
>     char buf[512];
>     if( strlen(b) > sizeof buf) return;
>     strcpy(buf, b);
> }
>
> 0x080483a7 <func+3>:  sub    $0x208,%esp
> 0x080483ad <func+9>:  mov    0x8(%ebp),%eax
> 0x080483b0 <func+12>: mov    %eax,0x4(%esp)
> 0x080483b4 <func+16>: lea    0xfffffe00(%ebp),%eax
> 0x080483ba <func+22>: mov    %eax,(%esp)
> 0x080483bd <func+25>: call   0x80482e8 <strcpy@plt>
> 0x080483c2 <func+30>: leave
> 0x080483c3 <func+31>: ret
>
> 0x208 = 520 bytes; alright padding can be useful
> 0xfffffe00(%ebp) = -512 + ebp.
What padding? It's a place for strcpy parameters...
--
vda
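To make the frame arithmetic in the exchange concrete, here is a small analyzer, added as an example and not part of either message, that reads the quoted gcc 4 disassembly and recovers the layout the two posters are talking about: the frame size from `sub $N,%esp`, the buffer's position from the `lea` off `%ebp`, and the outgoing argument slots from the stores to `(%esp)` and `0x4(%esp)`. The sample input is the post's disassembly retyped as a string; the `strcpy@plt` symbol is an assumption restored from the C source, since the list archive mangled it. The gap of 0 between the end of `buf` and the saved `%ebp` is the questioner's complaint; the 8 bytes left over below `buf` matching exactly two 4-byte argument slots is vda's answer.

```python
import re

# Constructed input: the disassembly quoted in the thread. The call target
# symbol was mangled by the list archive; strcpy@plt is assumed from the
# source, where buf and b are the two arguments being stored to the stack.
DISASM = """\
0x080483a7 <func+3>:  sub    $0x208,%esp
0x080483ad <func+9>:  mov    0x8(%ebp),%eax
0x080483b0 <func+12>: mov    %eax,0x4(%esp)
0x080483b4 <func+16>: lea    0xfffffe00(%ebp),%eax
0x080483ba <func+22>: mov    %eax,(%esp)
0x080483bd <func+25>: call   0x80482e8 <strcpy@plt>
0x080483c2 <func+30>: leave
0x080483c3 <func+31>: ret
"""

# AT&T-syntax patterns for the three instructions that define the layout.
SUB_ESP = re.compile(r"\bsub\s+\$0x([0-9a-f]+),%esp")
LEA_EBP = re.compile(r"\blea\s+(-?0x[0-9a-f]+)\(%ebp\)")
STORE_ESP = re.compile(r"\bmov\s+%e[a-z]{2},(?:0x([0-9a-f]+))?\(%esp\)")


def to_signed32(value):
    """gdb prints the lea displacement as an unsigned 32-bit value."""
    return value - (1 << 32) if value >= (1 << 31) else value


def analyze_frame(disasm, buf_size, word=4):
    """Derive the stack frame layout of a 32-bit gcc 4 function.

    Offsets are relative to %ebp (the saved frame pointer sits at %ebp+0,
    the return address at %ebp+word).
    """
    frame_size = None
    buf_offset = None
    arg_slots = set()
    for line in disasm.splitlines():
        m = SUB_ESP.search(line)
        if m:
            frame_size = int(m.group(1), 16)
            continue
        m = LEA_EBP.search(line)
        if m:
            buf_offset = to_signed32(int(m.group(1), 16))
            continue
        m = STORE_ESP.search(line)
        if m:
            # A store to (%esp) is slot 0; 0x4(%esp) is slot 4, and so on.
            arg_slots.add(int(m.group(1), 16) if m.group(1) else 0)
    if frame_size is None or buf_offset is None:
        raise ValueError("prologue or buffer address not found")

    # Everything gcc reserved beyond the buffer itself lies *below* buf,
    # between buf and %esp, and is used as the outgoing argument area.
    outgoing_area = frame_size - buf_size
    slot_bytes = (max(arg_slots) + word) if arg_slots else 0
    return {
        "frame_size": frame_size,                 # 0x208 = 520
        "buf_offset": buf_offset,                 # -512 from %ebp
        "gap_to_saved_ebp": buf_offset + buf_size,  # 0: buf abuts saved %ebp
        "outgoing_area": outgoing_area,           # 520 - 512 = 8
        "arg_slots": sorted(arg_slots),           # [0, 4]: strcpy's two args
        "outgoing_area_is_arg_slots": outgoing_area == slot_bytes,
    }


def bytes_past_buffer(buf_size, src_len):
    """How many bytes strcpy writes beyond buf for a src of src_len chars."""
    return max(0, src_len + 1 - buf_size)   # +1 for the terminating NUL
```

The `bytes_past_buffer` helper is there because of the check in the quoted source: `strlen(b) > sizeof buf` still accepts a 512-character string, and `strcpy` then writes 513 bytes. With `gap_to_saved_ebp` equal to 0, that 513th byte (the NUL) lands in the low byte of the saved `%ebp`; the 8 bytes vda points at are below the buffer, so they do not absorb it.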