3

Most of the mature compilers appear to have good support for stack variable clobbers.

For clang I've found -fsanitize=safe-stack, but it doesn't support shared libraries, which makes it pretty much useless for me.

It looks like that sanitizer is implemented as an add-on? Does anybody know if clang has any sort of alternate (built-in?) anti stack-smashing support that doesn't have the no shared library restriction, or if there are plans to generalize the existing limited safe-stack implementation to catch up to all the other compilers?

Peeter Joot
  • 7,034
  • 6
  • 44
  • 68

2 Answers2

3

clang support gcc's -fstack-protector option:

:: clang --help | grep stack-protector
-fno-stack-protector    Disable the use of stack protectors
-fstack-protector-all   Force the usage of stack protectors for all functions
-fstack-protector-strong
-fstack-protector       Enable stack protectors for functions potentially vulnerable to stack smashing

And I believe it follows what GCC does here.

John Szakmeister
  • 38,342
  • 9
  • 78
  • 72
2

Do you want to find hidden memory bugs in your app or harden it for production use? For the former you can go with -fsanitize=address which is available both in GCC and in Clang, provides excellent buffer overflow detection and can be applied to parts of your program (you won't detect all errors in this case). It's not suitable for production use though as it has a 2x performance penalty and makes program more vulnerable to external attacks.

yugr
  • 13,457
  • 3
  • 37
  • 71