Message ID | 1447337068-2448-1-git-send-email-rprebello@gmail.com |
---|---|
State | New |
Headers | show |
Rodrigo Rebello <rprebello@gmail.com> writes: > The check for stack-protector support consisted in compiling and linking > the test program below (output by function write_c_skeleton()) with the > compiler flag -fstack-protector-strong first and then with > -fstack-protector-all if the first one failed to work: > > int main(void) { return 0; } > > This caused false positives when using certain toolchains in which the > compiler accepted -fstack-protector-strong but no support was provided > by the C library, since for this stack-protector variant the compiler > emits canary code only for functions that meet specific conditions > (local arrays, memory references to local variables, etc.) and the code > fragment under test included none of them (hence no stack protection > code generated, no link failure). > > This fix changes the test program used for -fstack-protector checks to > include a function that meets conditions which cause the compiler to > generate canary code in all variants. > > Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> Reviewed-by: Markus Armbruster <armbru@redhat.com>
12.11.2015 17:04, Rodrigo Rebello wrote: > The check for stack-protector support consisted in compiling and linking > the test program below (output by function write_c_skeleton()) with the > compiler flag -fstack-protector-strong first and then with > -fstack-protector-all if the first one failed to work: ... Applied to -trivial, thank you! /mjt
diff --git a/configure b/configure index 46fd8bd..d93c744 100755 --- a/configure +++ b/configure @@ -1486,6 +1486,16 @@ for flag in $gcc_flags; do done if test "$stack_protector" != "no"; then + cat > $TMPC << EOF +int main(int argc, char *argv[]) +{ + char arr[64], *p = arr, *c = argv[0]; + while (*c) { + *p++ = *c++; + } + return 0; +} +EOF gcc_flags="-fstack-protector-strong -fstack-protector-all" sp_on=0 for flag in $gcc_flags; do
The check for stack-protector support consisted in compiling and linking the test program below (output by function write_c_skeleton()) with the compiler flag -fstack-protector-strong first and then with -fstack-protector-all if the first one failed to work: int main(void) { return 0; } This caused false positives when using certain toolchains in which the compiler accepted -fstack-protector-strong but no support was provided by the C library, since for this stack-protector variant the compiler emits canary code only for functions that meet specific conditions (local arrays, memory references to local variables, etc.) and the code fragment under test included none of them (hence no stack protection code generated, no link failure). This fix changes the test program used for -fstack-protector checks to include a function that meets conditions which cause the compiler to generate canary code in all variants. Signed-off-by: Rodrigo Rebello <rprebello@gmail.com> --- Changes v1 -> v2: - Use a simpler test code that works. --- configure | 10 ++++++++++ 1 file changed, 10 insertions(+)