https://llvm.org/bugs/show_bug.cgi?id=25610
Bug ID: 25610
Summary: -fstack-protector places the canary in the wrong place on arm64 with va_args
Product: libraries
Version: trunk
Hardware: PC
OS: FreeBSD
Status: NEW
Severity: normal
Priority: P
Component: Backend: AArch64
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected]
Classification: Unclassified
I found the stack may have an incorrect layout on AArch64 when using ssp. It
can place the canary value at a lower address than any arrays.
It appears to need the use of va_args, however I'm unsure if this is just to
adjust the stack size, or a requirement for the changed layout to be shown.
I've not tracked down why this is not crashing, however it seems to be affected
by optimisation level as at -O0 I get the expected crash, however at -O1 it
exits without detecting the buffer overflow.
When built with USE_VARARG defined and with optimisations the attached example
places the buf array at the top of the stack so there is no space above it. It
then places the canary below the array so if the bar function writes past the
end of buf it fails to detect it.
When building with USE_VARARG undefined, or with -O0 it crashes as expected.
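
A reproducer of the shape described above, added here as an example; it is not the attachment from the bug report. The names `bar`, `buf` and `USE_VARARG` come from the report, while `foo`, `BUF_LEN` and the build command in the comment are assumptions.

```c
/* Constructed reproducer shape; NOT the attachment from the bug report.
 * Assumed build for AArch64, comparing optimisation levels:
 *   clang -O1 -fstack-protector -DUSE_VARARG ssp.c   (reported: no detection)
 *   clang -O0 -fstack-protector -DUSE_VARARG ssp.c   (reported: crashes)
 *   clang -O1 -fstack-protector ssp.c                (reported: crashes)
 */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16   /* assumed size; large enough to get a canary */

/* noinline keeps the write out of foo's body, so foo's frame layout
 * is decided without knowledge of how much bar writes. */
__attribute__((noinline)) void bar(char *buf, size_t n)
{
    memset(buf, 'A', n);   /* n > BUF_LEN writes past the end of buf */
}

#ifdef USE_VARARG
__attribute__((noinline)) int foo(size_t n, ...)
{
    va_list ap;
    char buf[BUF_LEN];
    int extra;

    va_start(ap, n);
    extra = va_arg(ap, int);
    va_end(ap);
    bar(buf, n);
    return buf[0] + extra;
}
#else
__attribute__((noinline)) int foo(size_t n, int extra)
{
    char buf[BUF_LEN];
    bar(buf, n);
    return buf[0] + extra;
}
#endif

int main(void)
{
    printf("in-bounds: %d\n", foo(BUF_LEN, 1));  /* must always succeed */
    foo(BUF_LEN + 64, 1);   /* a canary above buf makes this call abort */
    puts("overflow NOT detected");
    return 1;
}
```

Inspecting the generated assembly for `foo` (`-S`) shows where the guard slot sits relative to `buf` in each build.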