Does -fstack-protector[-all] actually do anything?

On the Windows/MSVC builds of the product I work on, I've turned on the
"GuardStack" compiler option (/GS) which puts in fences to detect buffer
overruns in functions that the compiler thinks need it. Now I'm looking
at other platforms.

GCC has -fstack-protector and -fstack-protector-all. There's also the fairly
new -fstack-protector-strong, but I need to support Linuxes that are too
old to have that.

Clang has Address Sanitizer, but that seems to cost too much performance
for production code - with a bit of work, one can get the /GS losses down
to 2% or less with MSVC.

Clang also accepts GCC's -fstack-protector and -fstack-protector-all, but
they don't seem to do anything: taking assembly listings for a simple test
program compiled with and without -fstack-protector-all and diffing them
reveals no differences at all. I'm using OS X 10.9.2 with a Clang from Xcode
that reports itself as:

    Apple LLVM version 5.0 (clang-500.2.79) (based on LLVM 3.3svn)

Are -fstack-protector and -fstack-protector-all just being accepted and
ignored?

thanks,

-fstack-protector protects vulnerable objects like c-strings.
-fstack-protector-all protects all frames with vulnerable objects,
like an int[].

Do you have vulnerable objects in the stack frame?

Hiroaki Etoh's patch for SSP in GCC can be found at
http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html.

Microsoft has another setting for high-risk source code files: #pragma
strict_gs_check(on). Use it for, for example, a parser that accepts
untrusted input from the internet. I don't believe Linux/GCC has a
similar setting.

Jeff

-fstack-protector protects vulnerable objects like c-strings.
-fstack-protector-all protects all frames with vulnerable objects, like an int[].

Do you have vulnerable objects in the stack frame?

Yes. A char array in a stack frame, which for test purposes I'm deliberately
over-running with an over-length strcpy.

Hiroaki Etoh's patch for SSP in GCC can be found at
http://gcc.gnu.org/ml/gcc-patches/2001-06/msg01753.html.

Yes ... I'm not clear what good this does me with Clang.

Microsoft has another setting for high-risk source code files: #pragma
strict_gs_check(on). Use it for, for example, a parser that accepts
untrusted input from the internet. I don't believe Linux/GCC has a
similar setting.

Yup. I don’t have anything that's truly high-risk, but we document that
option for our Windows customers to use where appropriate. The product
is a closed-source mathematical modelling library that gets embedded
in end-user applications by our customers.