I've been running into a stack-smashing issue and I'm having difficulty finding the cause. The stack smashing error only happens occasionally, and only at the very end of the program's execution. It also stops happening completely when I compile it using the 'fstack-protector' option with gcc. I'm wondering if using the 'fstack-protector' option is an actual solution or if I'm just hiding the problem? I'd post the code but it's 3000 lines long and I'm not sure which part of the code is responsible.
- Yes, you are hiding the problem. – Eugene Sh. Jun 20 '18 at 19:00
- `-fstack-protector` is supposed to turn exploitable bugs into prompt crashes, not to prevent stack corruption altogether. If the program stops crashing when compiled with `-fstack-protector`, then it's just had the bug perturbed out of manifesting. Try `valgrind` instead. – zwol Jun 20 '18 at 19:01
- I recommend compiling with `-fsanitize=address` and running the program. It is better at analyzing the stack than valgrind, because it knows the actual variables on the stack and it can tell you when an array access on the stack overflows into another stack variable. https://github.com/google/sanitizers/wiki/AddressSanitizerExampleStackOutOfBounds – PaulR Jun 22 '18 at 15:30
1 Answer
This option does not prevent stack smashing, but rather detects it and halts the program.
From the gcc man page:
`-fstack-protector`
Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call "alloca", and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.
You still have an overflow problem, but the addition of the guard variables is apparently masking the issue. If you run your program under valgrind it should be able to detect what's happening.
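The kind of bug the question describes, shown as an added example (not code from the question or the answer): a fixed-size stack buffer filled by an unchecked `strcpy`, next to a bounds-checked replacement that reports truncation instead of writing past the array. The function names, `NAME_LEN` and the sample input are constructed for this illustration. Building with `gcc -g -fsanitize=address` reports the overflow at the offending write; `-fstack-protector` only aborts when the function returns and its guard no longer matches, which is why the bug can appear to vanish when the stack layout shifts.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* constructed: room for 7 characters plus the NUL */

/* Buggy form: no bounds check. With an input of 8 or more characters the
 * bytes beyond `name` land on whatever follows it in the frame (padding,
 * the stack-protector guard, then the saved return address). ASan flags
 * the write itself; -fstack-protector only notices at function exit. */
static void greet_unchecked(const char *src)
{
    char name[NAME_LEN];
    strcpy(name, src);                /* stack-buffer-overflow when strlen(src) >= NAME_LEN */
    printf("hello %s\n", name);
}

/* Hardened form: copies at most outsz-1 bytes and always NUL-terminates.
 * Returns 1 when the input was truncated, 0 otherwise, so the caller can
 * decide whether silent truncation is acceptable for this field. */
static int copy_name_checked(const char *src, char *out, size_t outsz)
{
    size_t n = strlen(src);
    int truncated = n >= outsz;       /* would need n+1 bytes, only outsz available */
    if (truncated)
        n = outsz - 1;
    memcpy(out, src, n);
    out[n] = '\0';
    return truncated;
}

int main(int argc, char **argv)
{
    const char *input = argc > 1 ? argv[1] : "constructed-long-name";  /* constructed sample */
    char out[NAME_LEN];
    int truncated = copy_name_checked(input, out, sizeof out);
    printf("hello %s%s\n", out, truncated ? " (truncated)" : "");

    /* Pass any second argument to run the unchecked version deliberately and
     * watch the detector (ASan or the stack protector) report it. */
    if (argc > 2)
        greet_unchecked(input);
    return 0;
}
```

Run the hardened path with `./a.out somename`; add a second argument to trigger the unchecked copy and compare what `-fstack-protector` prints at exit with what `-fsanitize=address` prints at the write.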