
How does gcc's -fstack-protector option prevent stack smashing?

I've been running into a stack-smashing issue and I'm having difficulty finding the cause. The stack smashing error only happens occasionally, and only at the very end of the program's execution. It also stops happening completely when I compile it using the 'fstack-protector' option with gcc. I'm wondering if using the 'fstack-protector' option is an actual solution or if I'm just hiding the problem? I'd post the code but it's 3000 lines long and I'm not sure which part of the code is responsible.

This option does not prevent stack smashing, but rather detects it and halts the program.

From the gcc man page:

-fstack-protector

Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call "alloca", and functions with buffers larger than 8 bytes. The guards are initialized when a function is entered and then checked when the function exits. If a guard check fails, an error message is printed and the program exits.

You still have an overflow problem, but the addition of the guard variables is apparently masking the issue. If you run your program under valgrind it should be able to detect what's happening.
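A model of the guard check the quoted man page text describes, as an added example that is not part of the original answer and not gcc's own code. The frame layout, the sizes and the guard and return-address values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame layout (an assumption; lowest address first):
 *   [ buf: BUF_LEN bytes ][ guard: 8 bytes ][ saved return address: 8 bytes ] */
enum { BUF_LEN = 16, GUARD_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };
static const uint64_t GUARD_VALUE = 0x00a5c3e1f07b2d00ULL; /* constructed sample */
static const uint64_t RET_VALUE   = 0x0000000000401136ULL; /* constructed sample */

struct result {
    int guard_intact;   /* what the exit check would see */
    int ret_intact;     /* whether the saved return address survived */
};

/* Simulate one call: the guard is stored on entry, the body performs an
 * unchecked write of n bytes into buf, the guard is compared on exit. */
static struct result model_call(size_t n)
{
    unsigned char frame[FRAME_LEN];
    struct result r;

    memset(frame, 0, sizeof frame);
    memcpy(frame + GUARD_OFF, &GUARD_VALUE, sizeof GUARD_VALUE); /* entry */
    memcpy(frame + RET_OFF, &RET_VALUE, sizeof RET_VALUE);

    if (n > FRAME_LEN)          /* keep the model itself memory-safe */
        n = FRAME_LEN;
    memset(frame, 'A', n);      /* the bug: n is never checked against BUF_LEN */

    /* exit check: runs only after the write has already happened */
    r.guard_intact = memcmp(frame + GUARD_OFF, &GUARD_VALUE, sizeof GUARD_VALUE) == 0;
    r.ret_intact   = memcmp(frame + RET_OFF, &RET_VALUE, sizeof RET_VALUE) == 0;
    return r;
}

int main(void)
{
    size_t lens[] = { 12, 16, 17, 32 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct result r = model_call(lens[i]);
        printf("n=%2zu: guard %s, return address %s\n", lens[i],
               r.guard_intact ? "intact" : "clobbered (program would abort)",
               r.ret_intact ? "intact" : "overwritten");
    }
    return 0;
}
```

In this model the overrun is noticed only at function exit, after the memory has already been corrupted, so the check turns silent corruption into a halt and leaves the overflow itself to be found and fixed.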
