psmith created this revision. psmith added reviewers: jfb, Shayne, emaste, kristof.beyls, mattdr, ojhunt, probinson, reames, serge-sans-paille, dim. Herald added a subscriber: dexonsmith. psmith requested review of this revision.
The Clang -fstack-protector documentation mentions what functions are considered vulnerable but does not mention the details of the implementation such as the use of a global variable for the guard value. This brings the documentation more in line with the GCC documentation at: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html and gives someone using the option more idea about what is protected. This partly addresses https://bugs.llvm.org/show_bug.cgi?id=42764 https://reviews.llvm.org/D85239 Files: clang/docs/ClangCommandLineReference.rst Index: clang/docs/ClangCommandLineReference.rst =================================================================== --- clang/docs/ClangCommandLineReference.rst +++ clang/docs/ClangCommandLineReference.rst @@ -2136,7 +2136,7 @@ .. option:: -fstack-protector, -fno-stack-protector -Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable +Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable. A function with a stack protector has a guard value added to the stack frame that is checked on function exit. The guard value must be positioned in the stack frame such that a buffer overflow from a vulnerable variable will overwrite to the guard value before overwriting the function's return address. The reference stack guard value is stored in a global variable. .. option:: -fstack-protector-all
Index: clang/docs/ClangCommandLineReference.rst =================================================================== --- clang/docs/ClangCommandLineReference.rst +++ clang/docs/ClangCommandLineReference.rst @@ -2136,7 +2136,7 @@ .. option:: -fstack-protector, -fno-stack-protector -Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable +Enable stack protectors for some functions vulnerable to stack smashing. This uses a loose heuristic which considers functions vulnerable if they contain a char (or 8bit integer) array or constant sized calls to alloca, which are of greater size than ssp-buffer-size (default: 8 bytes). All variable sized calls to alloca are considered vulnerable. A function with a stack protector has a guard value added to the stack frame that is checked on function exit. The guard value must be positioned in the stack frame such that a buffer overflow from a vulnerable variable will overwrite to the guard value before overwriting the function's return address. The reference stack guard value is stored in a global variable. .. option:: -fstack-protector-all
_______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
