From: Paul Eggert <eggert@cs.ucla.edu>
To: Bruno Haible <bruno@clisp.org>
Cc: bug-gnulib@gnu.org
Subject: Re: stack bounds
Date: Sat, 10 Oct 2020 13:10:17 -0700 [thread overview]
Message-ID: <653739fd-f93a-724d-3a14-38aee4f4a41c@cs.ucla.edu> (raw)
In-Reply-To: <1748120.HhSNNjIgjO@omega>
[-- Attachment #1: Type: text/plain, Size: 860 bytes --]
On 10/10/20 5:08 AM, Bruno Haible wrote:
> On Linux, the kernel allows the stack to grow by any amount, if it does not
> become closer than 1 MB to another VMA and does not violate the set limits.
> See linux/mm/mmap.c:expand_downwards and linux/mm/mmap.c:acct_stack_growth.
> Therefore on Linux, there is no need for a guard page and no need for
> 'gcc -fstack-clash-protection'.
There's still a need, if a function declares a large local variable, as the
stack pointer can jump around the 1 MB barrier and trash other storage. If I
compile the attached program with 'gcc -m32 -O2 stackish.c' on Fedora 31 x86-64,
the program exits with status 255 (instead of crashing with a stack overflow as
it should), because the stack has overflowed and has stomped on the heap. So
stack overflow checking is not "just working", at least for this particular case.
[-- Attachment #2: stackish.c --]
[-- Type: text/x-csrc, Size: 447 bytes --]
#include <stdlib.h>
#include <string.h>
int
growby (int bsize, int argc)
{
char b[bsize];
for (int i = 0; i <= argc + 256; i++)
b[i] = i;
return b[argc] - b[argc + 256];
}
int
main (int argc, char **argv)
{
int psize = argc + 1024 * 1024 * 1024;
char *p = calloc (psize, 1);
int bsize = (char *) &p - (p + psize/2);
int status = growby (bsize, argc);
for (int i = 0; i < psize; i++)
status |= p[i]++;
return status;
}
next prev parent reply other threads:[~2020-10-10 20:10 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <m2a6xnu1sv.fsf@meyering.net>
[not found] ` <075a970b-f6aa-d2bb-e007-609a711085b2@gmail.com>
[not found] ` <CA+8g5KGBjFfHzafN2WFH6az5bQR8f68B1J-ETVWEBXvuDUL5rA@mail.gmail.com>
[not found] ` <17a0fe42-3ac6-9209-6f60-cddb5467f263@gmail.com>
[not found] ` <994fd316-0420-4b94-a1de-fea7d891c4ac@gmail.com>
2020-09-18 22:16 ` new snapshot available: grep-3.4-almost.26-5419 Paul Eggert
2020-09-18 22:42 ` Bruce Dubbs
2020-09-18 23:24 ` libsigsegv on LinuxFromScratch Bruno Haible
2020-09-18 23:47 ` Bruce Dubbs
2020-09-19 8:06 ` Bruce Dubbs
2020-09-19 23:47 ` Bruno Haible
2020-09-20 1:16 ` Bruce Dubbs
2020-09-20 23:15 ` Paul Eggert
2020-09-23 0:58 ` stack bounds Bruno Haible
2020-09-23 1:28 ` Paul Eggert
2020-10-10 12:08 ` Bruno Haible
2020-10-10 20:10 ` Paul Eggert [this message]
2020-10-10 21:49 ` Bruno Haible
2020-10-11 18:49 ` Paul Eggert
2020-10-11 22:08 ` Bruno Haible
2020-10-11 22:56 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.gnu.org/mailman/listinfo/bug-gnulib
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=653739fd-f93a-724d-3a14-38aee4f4a41c@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=bruno@clisp.org \
--cc=bug-gnulib@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).