What do the different stack-protector levels protect in Clang?

Hello,

I see documentation out there for the levels of stack-protector in GCC: Regular protects functions that have buffers or that use alloca(), all protects all functions, strong protects functions with the conditions listed in para 3 in this doc: https://docs.google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/editAlso, in GCC, stack-protector puts variables below buffers on the stack (i.e., higher up the stack).

I’m having trouble finding similar documentation for Clang. (Even if it’s just an official statement that “Clang does the same thing as GCC.”)

Thanks!

Is this https://clang.llvm.org/docs/ClangCommandLineReference.html what you are looking at?
Under the Clang source directory, grep -r "stack-protector" docs/* gives the following result:

docs/ClangCommandLineReference.rst:… option:: -fstack-protector, -fno-stack-protector
docs/ClangCommandLineReference.rst:… option:: -fstack-protector-all
docs/ClangCommandLineReference.rst:… option:: -fstack-protector-strong
docs/DiagnosticsReference.rst:-Wstack-protector

Or you can google with “stack protector site:http://lists.llvm.org/pipermail/cfe-dev/” to find something
on the cfe-dev mailing list. I think that’s all you can find.

Regards,
chenwj

A typo in my OP broke the link to the document on Google Docs. Here is the link:
https://docs.google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU/edit

Here is more specifically what I am looking for:
In GCC, it is published that the stack protector option levels do the following things (this is in the linked document):
-fno-stack-protector: No protection.
-fstack-protector: Protection for functions in which either of the following is true:

  • The function uses alloca
  • There is a char array that is bigger than 8 bytes (actually, bigger than whatever SSP_BUFFER_SIZE is)

-fstack-protector-all: Protection for all functions - no heuristic.
-fstack-protector-strong: Protection for functions in which any of the following is true:

  • The address of any local variable is used in the RHS of an assignment
  • Any local variable is passed by reference to a function
  • There is any array, regardless of array type or length
  • There is a struct/union containing an array
  • There are register local variables

(Also, the stack data is rearranged such that variables are at lower addresses than buffers.)

What about on Clang? What specifically does -fstack-protector protect? What specifically does -fstack-protector-strong protect? Is it exactly the same definition as in GCC?

Thanks!
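
A probe file for answering the question empirically (an added example, not part of the thread): each function isolates one condition from the GCC list quoted above, register locals excepted. Assuming it is saved as probe.c (a hypothetical name), compile it at -O0 with -S under each flag named in the thread and check which functions reference __stack_chk_fail in the assembly on a typical Linux target; the comments record GCC's published list only, not what Clang does.

```c
/* Added probe file (not from the thread): one function per listed condition. */
#include <alloca.h>
#include <string.h>

struct tagged { int n; char tag[2]; };   /* struct containing an array */
static void bump(int *p) { *p += 1; }    /* takes a local by reference */

/* No arrays, no address-taken locals: listed only under -all. */
int plain(int a, int b) { return a + b; }

/* -fstack-protector list: uses alloca (n must be >= 1). */
int uses_alloca(size_t n) {
    char *p = alloca(n);
    memset(p, 1, n);
    return p[n - 1];
}

/* -fstack-protector list: char array bigger than 8 bytes. */
int big_char_array(const char *s) {
    char buf[64];
    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return (int)strlen(buf);
}

/* -strong list only: array of any type or length. */
int small_int_array(int i) {
    int a[2] = { 10, 20 };
    return a[i & 1];
}

/* -strong list only: address of a local on the RHS of an assignment. */
int addr_on_rhs(void) {
    int x = 5;
    int *p = &x;
    return *p + 1;
}

/* -strong list only: local passed by reference to a function. */
int passed_by_ref(void) {
    int x = 41;
    bump(&x);
    return x;
}

/* -strong list only: struct/union containing an array. */
int struct_with_array(void) {
    struct tagged t = { 7, { 'o', 'k' } };
    return t.n + (t.tag[0] == 'o');
}
```

Comparing the set of instrumented functions from Clang and from GCC at the same level shows directly where the two heuristics agree or differ.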