Bionix1441

Reputation: 2319

Mechanisms for stack buffer overflow detection?

Compiling and running the following:

    int main(void) {
        int array[10];
        array[10] = 2;   /* deliberate one-past-the-end write: the overrun under discussion */
        return 0;
    }

This is, to my understanding, a stack overrun.

GCC does not seem to detect the problem.

Only when I compile with the additional flag -fstack-protector-all do I get the stack trace.

Is there a way to detect erroneous illegal memory access for a binary compiled and linked without the gcc flag -fstack-protector-all, or will it run normally, with the process then accessing memory that does not belong to it?

Upvotes: 0

Views: 258

Answers (1)

yugr

Reputation: 21916

First of all, many modern distros will enable -fstack-protector and other security measures (_FORTIFY_SOURCE, -fPIE, etc.) by default, so your program will get some protection even without you asking for it.

Secondly, if that's not the case and the buffer overflow results in a really bad error (e.g. accessing invalid memory or overwriting the return address), the kernel will kill the application and dump core.

More subtle errors (which cause the program to malfunction, but not in obvious ways) will go undetected, though. There's no way to diagnose them without e.g. recompiling with ASan.

P.S. Keep in mind that simple one-line buffer overflows like the one in your question tend to be optimized out by the compiler. My GCC 5.4.0 simply dropped the access to array[10].

Upvotes: 1
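The following is an added example, not code from the question or the answer. It models the two points the answer makes: why a guard word placed after a buffer (the mechanism behind -fstack-protector) catches an overrun such as array[10] = 2, and why the same one-element overrun goes undetected when some other local happens to sit between the array and the guard. The struct layouts, the CANARY value and the helper names are hypothetical stand-ins for a stack frame; real frames are laid out by the compiler, and the overrun here is written byte-wise inside one struct object so that it is well defined and not something the optimizer drops.

```c
/* Added example: a hand-rolled canary that mirrors how -fstack-protector
   detects a buffer overrun, plus the case it cannot see. The struct
   layouts are hypothetical stand-ins for a compiler-generated frame. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY 0xDEADBEEFCAFEBABEULL   /* constructed guard value */

/* Frame A: the array is immediately followed by the guard word, the
   placement -fstack-protector aims for (arrays go next to the canary). */
struct frame_a {
    int array[10];
    uint64_t canary;
};

/* Frame B: another local sits between the array and the guard word. */
struct frame_b {
    int array[10];
    int neighbour;
    uint64_t canary;
};

/* Simulates an unchecked loop storing `count` ints from array[0] onward.
   It writes byte-wise into the enclosing object, so the overrun stays inside
   the struct (well defined, and not removable by the optimizer) but lands on
   whatever follows the array in that layout. */
static void unchecked_fill(void *frame, size_t frame_size, size_t count, int value)
{
    unsigned char *base = frame;
    for (size_t i = 0; i < count; i++) {
        size_t off = i * sizeof(int);
        if (off + sizeof(int) > frame_size)
            break;                          /* never leave the object */
        memcpy(base + off, &value, sizeof value);
    }
}

/* Returns 1 when an 11-int store into frame_a corrupts the canary,
   i.e. the array[10] = 2 overrun is detected by the guard check. */
int overflow_hits_canary(void)
{
    struct frame_a f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    unchecked_fill(&f, sizeof f, 11, 2);   /* one past the end, like array[10] */
    return f.canary != CANARY;
}

/* Returns 1 when a 10-int (in-bounds) store into frame_a leaves the canary intact. */
int in_bounds_keeps_canary(void)
{
    struct frame_a f;
    memset(&f, 0, sizeof f);
    f.canary = CANARY;
    unchecked_fill(&f, sizeof f, 10, 2);
    return f.canary == CANARY;
}

/* Returns 1 when the same 11-int store into frame_b silently overwrites
   `neighbour` while the canary survives: the "subtle" error the answer
   says cannot be diagnosed without instrumentation such as ASan. */
int overflow_slips_past_canary(void)
{
    struct frame_b f;
    memset(&f, 0, sizeof f);
    f.neighbour = 7;
    f.canary = CANARY;
    unchecked_fill(&f, sizeof f, 11, 2);
    return f.neighbour == 2 && f.canary == CANARY;
}

/* The check a program can apply regardless of build flags: validate the
   index before the store. Returns 0 on success, -1 if idx is out of range. */
int checked_store(int *array, size_t len, size_t idx, int value)
{
    if (idx >= len)
        return -1;
    array[idx] = value;
    return 0;
}

/* Convenience wrapper over a 10-int array, the size used in the question. */
int store_into_ten(size_t idx, int value)
{
    int array[10] = {0};
    return checked_store(array, 10, idx, value);
}

int main(void)
{
    printf("11 ints hit canary (frame A):       %d\n", overflow_hits_canary());
    printf("10 ints keep canary (frame A):      %d\n", in_bounds_keeps_canary());
    printf("11 ints slip past canary (frame B): %d\n", overflow_slips_past_canary());
    printf("checked store at index 10 -> %d, at index 9 -> %d\n",
           store_into_ten(10, 2), store_into_ten(9, 2));
    return 0;
}
```

Frame A is what the stack protector relies on: the guard word is checked before the function returns, so the one-past-the-end write is caught at that point rather than when it happens. Frame B shows the limitation the answer describes: the overrun corrupts a neighbouring local and the guard never notices, so the program misbehaves rather than aborting. The only detection that works independently of build flags is the explicit bounds check in checked_store; everything else needs either the compiler's instrumentation (-fstack-protector, ASan) or the kernel faulting on an unmapped address.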
