Hi, Jakub, thanks! The thing is that ssp-buffer-size controls the array-size limit, but we also want to protect against attacks via struct/union and other frame address casting. One of the places I've wanted to have the stack protector was in routines that fill a structure from some binary input stream. In most attacks this includes an array overflow, but I've seen weird code where the code is trying to be smart and fill a potentially variable-sized structure (e.g. a union of possible structures), and just blasts the stack with an unbounded memcpy, even when those structures contain no arrays. It's significantly more rare than the cases with arrays, but these do need to be protected (for us).
-Han

On Fri, Dec 2, 2011 at 12:54 AM, Jakub Jelinek <ja...@redhat.com> wrote:
>
> On Tue, Nov 29, 2011 at 03:53:50PM -0800, Han Shen(沈涵) wrote:
> > Hi, I propose to add to gcc a new option regarding stack protector -
> > "-fstack-protector-strong", in addition to current gcc's
> > "-fstack-protector-all", which protects ALL functions, and
> > "-fstack-protector", which protects functions that have a big
> > (signed/unsigned) char array or have alloca called.
>
> Isn't -fstack-protector --param ssp-buffer-size=4 (or =2) enough for you?
>
> Jakub
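The frame shape Han is talking about, as an added example that is not part of the thread: a union of structs with no arrays is filled from a byte stream, so the array heuristic behind -fstack-protector and ssp-buffer-size never places a canary in the function, while -fstack-protector-strong does because the function takes the address of a local. The struct layouts, the wire format (1-byte type, 1-byte length, payload) and all names are constructed for the illustration; a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record types: note there is no char array anywhere in the
 * union, so a frame holding it is not "vulnerable" by the array heuristic. */
struct rec_a { uint32_t id; uint32_t flags; };
struct rec_b { uint32_t id; uint64_t offset; uint16_t kind; };
union record { struct rec_a a; struct rec_b b; };

enum { REC_A = 1, REC_B = 2 };

/* The shape from the thread: the copy length is taken from the input and
 * only checked against the buffer, never against sizeof r. Only a guard
 * behind 'r' (-fstack-protector-strong/-all) would catch a bad length.
 * Shown for comparison; not called below. */
static int parse_record_unbounded(const uint8_t *msg, size_t msg_len)
{
    union record r;
    if (msg_len < 2 || msg_len - 2 < msg[1]) return -1;
    memcpy(&r, msg + 2, msg[1]);   /* destination size never considered */
    return msg[0];
}

/* Hardened form: the declared length must equal the size of the struct the
 * type byte selects and must actually be present in the buffer, so the
 * frame's safety does not depend on the protector at all.
 * Returns the record type, or -1 when the record is rejected. */
static int parse_record_bounded(const uint8_t *msg, size_t msg_len,
                                union record *out)
{
    size_t want;
    if (msg_len < 2) return -1;
    switch (msg[0]) {
    case REC_A: want = sizeof out->a; break;
    case REC_B: want = sizeof out->b; break;
    default:    return -1;           /* unknown type: no layout to trust */
    }
    if (msg[1] != want || msg_len - 2 < want) return -1;
    memset(out, 0, sizeof *out);
    memcpy(out, msg + 2, want);
    return msg[0];
}

int main(void)
{
    const uint8_t wire[] = { REC_A, 8, 0x2a, 0, 0, 0, 0x01, 0, 0, 0 };
    union record r;
    int type = parse_record_bounded(wire, sizeof wire, &r);
    printf("type=%d id=%u flags=%u\n", type, r.a.id, r.a.flags);
    return type == REC_A ? 0 : 1;
}
```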