The stack protector uses a canary value in the stack frame. The inserted check fails if the canary differs from the expected value loaded from a global variable. Previously, GCC offered only two stack protector modes, -fstack-protector and -fstack-protector-all. GCC 4.8.1 and the GCC version in Fedora 19 added another mode, -fstack-protector-strong, bringing the number of stack protector modes up to three. These modes differ in the set of functions they consider eligible for instrumentation. -fstack-protector-all instruments all functions (including leaf functions that do not use pointers). For performance reasons, -fstack-protector only instruments a small subset of all functions, excluding functions which should have instrumentation.
Our example debugging session is based on a GNOME bug report for Evolution. Vadim Rutkovsky reported that Evolution 3.9.4 in Fedora rawhide crashed during the initial setup when built with the -fstack-protector-strong flag. The crash in question looked like this:

    $ evolution
    *** stack smashing detected ***: evolution terminated
    usr/lib64/evolution/3.10/libevolution-mail.so(e_mail_config_service_page_add_scratch_source+0x344)

Notice the message "stack smashing detected", which implies that GCC's stack protector feature is being used.

The GCC flags -fstack-protector and -fstack-protector-all activate the Stack Smashing Protector (SSP). When any of these flags are used, GCC instruments the function return instruction with a probabilistic check that the stack frame is not corrupted. This happens before the jump to the return address popped off the stack, and is intended to make exploitation of stack-based buffer overflows for arbitrary code execution more difficult.
This article was originally published on the Red Hat Customer Portal. The information may no longer be current. Co-contributors: Dhiru Kholia and Florian Weimer

GCC upstream and Fedora 19 recently improved the stack smashing protector. Each time we add more security instrumentation, we also uncover some previously hidden bugs. This post shows how to debug stack protector failures.