Hello, the stack checking is intended to detect simplistic overwrites of stack control structures. If an attacker is able to overwrite a single NUL in the canary with a NUL supplied from an input string, but no further, then the stack control structures are still intact and undamaged. As far as the stack checking is concerned, this is a success.
The intention of the 'terminator canary' is that it would be difficult to cause a write with common string functions to go beyond the canary -- they'd stop on the newline, or the NUL, and wouldn't progress beyond that. Can you get strcpy() to go beyond the canary, to the control structures?

Thanks

--
https://bugs.launchpad.net/bugs/1959841
Title: Lower 8 bits are always zero in stackguard value
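Added example, not part of the original message or of gcc/glibc: a small C model of the behaviour described above, showing what a strcpy-style copy can and cannot do to a canary whose low byte is NUL. The frame layout (16-byte buffer, 8-byte canary, 8-byte control word), the canary and control values, and the function names are assumptions constructed for the illustration; the copy runs inside an ordinary array, so nothing is actually overflowed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed model layout: 16-byte buffer, 8-byte canary, 8-byte control word. */
enum { BUF = 16, CAN = 8, CTL = 8, FRAME = BUF + CAN + CTL };

/* Constructed values. Little-endian: the canary's zero low byte is first in memory. */
static const unsigned char CANARY[CAN]  = {0x00,0x3a,0x91,0xc4,0x5e,0x77,0x12,0xd8};
static const unsigned char CONTROL[CTL] = {0x10,0x20,0x30,0x40,0x50,0x60,0x70,0x80};

/* Copy src into a fresh model frame with strcpy semantics (stop at first NUL).
   Returns bit 0 = canary check would fire, bit 1 = control word was modified. */
static int run_case(const unsigned char *src) {
    unsigned char frame[FRAME];
    size_t i = 0;
    memset(frame, 0, BUF);
    memcpy(frame + BUF, CANARY, CAN);
    memcpy(frame + BUF + CAN, CONTROL, CTL);
    for (; i < FRAME - 1 && src[i] != 0; i++) frame[i] = src[i];
    frame[i] = 0;                                  /* strcpy's terminating NUL */
    return (memcmp(frame + BUF, CANARY, CAN) != 0)
         | ((memcmp(frame + BUF + CAN, CONTROL, CTL) != 0) << 1);
}
/* 16 characters: the terminator lands on the canary byte that is already NUL. */
int case_off_by_one(void) {
    unsigned char src[BUF + 1];
    memset(src, 'A', BUF); src[BUF] = 0;
    return run_case(src);
}
/* Long NUL-free input: reaches the control word, but only by changing the canary. */
int case_long_overflow(void) {
    unsigned char src[FRAME];
    memset(src, 'A', FRAME - 1); src[FRAME - 1] = 0;
    return run_case(src);
}
/* Input embedding the exact canary: its NUL byte ends the copy before the control word. */
int case_canary_replay(void) {
    unsigned char src[FRAME + 1];
    memset(src, 'A', BUF);
    memcpy(src + BUF, CANARY, CAN);
    memset(src + BUF + CAN, 'B', CTL); src[FRAME] = 0;
    return run_case(src);
}

int main(void) {
    printf("off-by-one=%d long=%d replay=%d\n", case_off_by_one(), case_long_overflow(), case_canary_replay());
    return 0;
}
```

A result of 0 means canary and control word are both unchanged; 3 means the control word was reached and the canary check would fire.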
