1 @node Overflow Protection
2 @chapter Overflow Protection
5 * Stack Smashing Protection:: Checks enabled with -fstack-protector*
6 * Object Size Checking:: Checks enabled with _FORTIFY_SOURCE
9 @node Stack Smashing Protection
10 @section Stack Smashing Protection
11 Stack Smashing Protection is a compiler feature which emits extra code
12 to check for stack smashing attacks. It depends on a canary, which is
13 initialized with the process, and functions for process termination when
14 an overflow is detected. These are private entry points intended solely
15 for use by the compiler, and are used when any of the @code
{-fstack-protector
},
16 @code
{-fstack-protector-all
}, @code
{-fstack-protector-explicit
}, or
17 @code
{-fstack-protector-strong
} compiler flags are enabled.
19 @node Object Size Checking
20 @section Object Size Checking
21 Object Size Checking is a feature which wraps certain functions with checks
22 to prevent buffer overflows. These are enabled when compiling with
23 optimization (@code
{-O1
} and higher) and @code
{_FORTIFY_SOURCE
} defined
24 to
1, or for stricter checks, to
2.
26 @cindex list of overflow protected functions
27 The following functions use object size checking to detect buffer overflows
31 @exdent @emph
{String functions:
}
34 explicit_bzero memset strncat
37 @exdent @emph
{Wide Character String functions:
}
38 fgetws wcrtomb wcsrtombs
39 fgetws_unlocked wcscat wmemcpy
40 mbsnrtowcs wcscpy wmemmove
41 mbsrtowcs wcsncat wmempcpy
42 wcpcpy wcsncpy wmemset
45 @exdent @emph
{Stdio functions:
}
46 fgets fread_unlocked sprintf
47 fgets_unlocked gets vsnprintf
48 fread snprintf vsprintf
50 @exdent @emph
{Stdlib functions:
}
51 mbstowcs wcstombs wctomb
53 @exdent @emph
{System functions:
}