C99 Features
Nico Williams
nico at cryptonector.com
Fri Jun 19 15:12:48 EDT 2015
On Thu, Jun 18, 2015 at 12:29:39AM -0400, Nathaniel McCallum wrote:
> Most of this is greatly diminished by the various stack protection
> techniques found in modern compilers. It is getting harder and harder
> to even trigger these kinds of errors.
Standard techniques for protecting against buffer overflows don't help
here. The problem is that the emitted code cannot know where the end of
the stack lies. What can the compiler do? It could:
- Write a zero to one word of each page of the array in sequence,
hoping that the guard page will never be missed and will cause stack
growth or SEGFAULT in all cases.
This requires knowing the page size for the stack, but assuming a
small page seems reasonable.
This can also be done in user code, but it does require knowing the
direction in which the stack grows.
(Presumably the performance impact of this probing should be minimal.)
- Call a system call to ensure the stack is large enough for the
requested allocation.
This requires adding that system call to the ABI.
Whatever the compiler does, the result has to be free of race
conditions.
Do compilers emit such code?
More information about the krbdev
mailing list