From: Markus Armbruster
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH 1/1] configure: use appropriate code fragment for -fstack-protector checks
Date: Thu, 12 Nov 2015 09:41:49 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Rodrigo Rebello <address@hidden> writes:

> The check for stack-protector support consisted in compiling and linking
> the test program below (output by function write_c_skeleton()) with the
> compiler flag -fstack-protector-strong first and then with
> -fstack-protector-all if the first one failed to work:
>
>   int main(void) { return 0; }
>
> This caused false positives when using certain toolchains in which the
> compiler accepted -fstack-protector-strong but no support was provided
> by the C library, since for this stack-protector variant the compiler
> emits canary code only for functions that meet specific conditions
> (local arrays, memory references to local variables, etc.) and the code
> fragment under test included none of them (hence no stack protection
> code generated, no link failure).
>
> This fix changes the test program used for -fstack-protector checks to
> include a function that meets conditions which cause the compiler to
> generate canary code in all variants.
>
> Signed-off-by: Rodrigo Rebello <address@hidden>
> ---
>  configure | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>
> diff --git a/configure b/configure
> index 46fd8bd..c3d9592 100755
> --- a/configure
> +++ b/configure
> @@ -1486,6 +1486,24 @@ for flag in $gcc_flags; do
>  done
>  
>  if test "$stack_protector" != "no"; then
> +  cat > $TMPC << EOF
> +void foo(const char *c);
> +
> +void foo(const char *c)
> +{
> +    char arr[64], *p;
> +    for (p = arr; *c; c++, p++) {
> +        *p = *c;
> +    }
> +}
> +
> +int main(void)
> +{
> +    char c[] = "";
> +    foo(c);

Why not simply foo("")?

Could the optimizer optimize away the pattern that triggers the canary?

To protect against that possibility, we could use

int main(int argc, char *argv[])
{
    foo(argv[0]);
}

> +    return 0;
> +}
> +EOF
>    gcc_flags="-fstack-protector-strong -fstack-protector-all"
>    sp_on=0
>    for flag in $gcc_flags; do
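Review bot: the new test program calls foo() with a constant empty string, so an optimizing compile can inline the call, see that the loop body never runs and drop the local array altogether, leaving no pattern for the canary instrumentation to attach to and bringing back exactly the false positive this patch sets out to remove; feeding foo() non-constant data such as argv[0], as suggested in the reply, keeps the array live under every optimization level. A short comment above foo() stating that the unbounded copy into arr is deliberate (it exists only to make the compiler emit canary code) would also stop a later reader from "fixing" it, and it is worth considering a positive check that the linked binary references __stack_chk_fail rather than relying on a link failure alone.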


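A probe in the spirit of the patch, added here as an example that is not QEMU's configure: it compiles a canary-forcing fragment with each stack-protector flag and, beyond a plain compile-and-link test, confirms that the resulting binary actually references the canary-failure routine, so a flag that is accepted but silently produces no canary is reported instead of being taken as supported. It assumes a POSIX shell with cc (or $CC), mktemp and grep available.

```shell
# Added example, not QEMU's configure: the C fragment mirrors the patch's
# idea (a local array written through a pointer) but takes non-constant
# input so the optimizer cannot fold the call away.
set -u
write_probe() {  # $1 = path of the C file to create
    cat > "$1" <<'EOF'
int fill(const char *src)
{
    char buf[64], *p = buf;          /* local array: -strong condition */
    while (*src && p < buf + sizeof buf - 1) {
        *p++ = *src++;
    }
    *p = '\0';
    return buf[0];
}
int main(int argc, char **argv)
{
    return fill(argv[0]);            /* runtime input, never constant */
}
EOF
}

probe_flag() {  # $1 = flag; 0 usable, 1 rejected, 2 accepted but no canary
    dir=$(mktemp -d) || return 3
    write_probe "$dir/probe.c"
    if ! ${CC:-cc} "$1" "$dir/probe.c" -o "$dir/probe" >/dev/null 2>&1; then
        rm -rf "$dir"; return 1
    fi
    # A working stack protector leaves a reference to __stack_chk_fail
    # (___stack_chk_fail on Mach-O) in the binary; 'nm -u' shows the same.
    if grep -q 'stack_chk_fail' "$dir/probe"; then
        rm -rf "$dir"; return 0
    fi
    rm -rf "$dir"; return 2
}

pick_stack_protector() {  # prints the first usable flag, or "none"
    for flag in -fstack-protector-strong -fstack-protector-all; do
        rc=0; probe_flag "$flag" || rc=$?
        case $rc in
            0) echo "$flag"; return 0 ;;
            2) echo "warning: $flag accepted but no canary emitted" >&2 ;;
        esac
    done
    echo none; return 1
}

echo "usable stack protector flag: $(pick_stack_protector)"
```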
