On Tue, Nov 17, 2020 at 03:07:05PM -0500, Mouse wrote:
> >> But [...] __ssp_overlap succeeded to pinpoint the overlap with the
> >> buffer declared as an (fixed size) array but not when it was
> >> dynamically allocated.
> > Correct, the SSP primitives will only ever work for static buffers.
>
> But they are designed and intended to catch stack-smashing potential,
> are they not? In that case, this is what I'd expect, because a
> dynamically allocated buffer is not on the stack and thus inherently
> has no stack-smashing potential.
>
> Unless "dynamically allocated" here means something like a
> variable-sized array or alloca(), which isn't what it sounded like.

They are intended for dealing with statically sized objects. That covers dynamically allocated buffers of known size and potentially dynamic allocation near the allocation site. But it will always be best effort. If the compiler can't prove a problem exists, it will not do anything.

Joerg
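
The "best effort" behaviour described in the reply, as an added example that is not part of the original thread or of the SSP code itself: it uses the GCC/Clang builtin `__builtin_object_size` to show when a size-based check can fire and when it silently cannot. `checked_copy`, the `verdict` enum, the demo functions and the sample data are hypothetical names constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define UNKNOWN ((size_t)-1)  /* __builtin_object_size(p, 0) when the size is not provable */

enum verdict { COPIED_CHECKED, COPIED_UNCHECKED, REFUSED };

static const char sample[32] = "constructed sample input";

/* Hypothetical fortify-style wrapper: it can only check when a size was proven. */
static enum verdict checked_copy(void *dst, size_t dst_size, size_t len)
{
    if (dst_size != UNKNOWN && len > dst_size)
        return REFUSED;                      /* provable overflow: nothing is copied */
    memcpy(dst, sample, len);
    return dst_size == UNKNOWN ? COPIED_UNCHECKED : COPIED_CHECKED;
}

/* Fixed-size array: the object size is visible at the call site. */
enum verdict copy_into_array(size_t len)
{
    char buf[16];
    return checked_copy(buf, __builtin_object_size(buf, 0), len);
}

/* The pointer's origin is hidden from the compiler; the volatile load
 * models a pointer handed in from elsewhere. Callers keep len <= 32. */
enum verdict copy_through_opaque_pointer(size_t len)
{
    char backing[32];
    char *volatile hidden = backing;
    char *p = hidden;
    return checked_copy(p, __builtin_object_size(p, 0), len);
}

/* malloc() of a constant size: known only if the optimiser tracks the allocation. */
size_t size_seen_for_malloc(void)
{
    char *p = malloc(16);
    size_t n = __builtin_object_size(p, 0);
    free(p);
    return n;
}

int main(void)
{
    printf("array, 32 bytes:  %d\n", (int)copy_into_array(32));
    printf("opaque, 24 bytes: %d\n", (int)copy_through_opaque_pointer(24));
    printf("malloc(16) size:  %zu\n", size_seen_for_malloc());
    return 0;
}
```

The value printed for the `malloc(16)` case depends on the optimisation level: either 16 or the "unknown" sentinel, which is the allocation-site dependence the reply refers to.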