stack protector only aborts in 99.5%
peterph at centrum.cz
Tue May 6 03:21:29 PDT 2008
Lasse Kliemann wrote:
> Compiled with
> gcc -U_FORTIFY_SOURCE overflow.c -o overflow
> and invoked this way:
> ./overflow 10 > out 2>&1
> The file `out' is then examined. A success is if it contains the string
> 'Aborted' and not the string 'segmentation fault' (case-insensitive). I did
> several 10,000 runs, and in some cases (no more than 0.5%), the outcome is
> *not* a success. But instead, the file `out' contains the output of the
> program, i.e., 0000000000.
> Is this the expected behavior? Could it become a problem?
> What could I try to track this down further?
It might be you are experiencing something I have seen on 64bit systems
(see the "tests in 5.9. cocoon toolchain" thread from Feb 2008). The
problem might be some stack alignment due to ABI.
Things you may want to try:
1) smash the stack with longer string (e.g. 20 bytes).
2) disassembling the binary (gdb command 'disassemble') might give you
some clues - there would be some "unexpected" arithmetic with the stack
pointer (instead of plain 'push') or similar.
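A worked model of what the "longer string" suggestion is probing, added here as an example; it is not code from this thread and does not reproduce Lasse's overflow.c. It assumes a hypothetical frame layout (a char buffer, an adjustable amount of ABI padding, then an 8-byte canary), a payload of '0' characters followed by the NUL that strcpy appends, and an xorshift64 generator standing in for the per-process random canary. It reports how many canary bytes an N-byte overflow reaches under a given padding and, by simulating many "processes" each with a fresh canary, how often the epilogue comparison would not fire. The real numbers for overflow.c are whatever gcc emitted, which is what the gdb 'disassemble' step would show.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY_SIZE 8   /* one machine word on x86-64 */

/* Hypothetical frame model (low addresses first):
 *   [ char buf[buf_size] ][ pad bytes ][ canary ][ saved rbp, return address ]
 * 'pad' stands for ABI/alignment padding the compiler may leave between the
 * end of the buffer and the canary slot. This is an assumed model, not what
 * any particular gcc actually emitted. */
struct layout {
    size_t buf_size;
    size_t pad;
};

/* Assumed layouts: a 10-byte buffer with no padding, and the same buffer with
 * the canary pushed out to the next 16-byte boundary. */
const struct layout tight_layout  = { 10, 0 };
const struct layout padded_layout = { 10, 6 };

/* Canary bytes touched by a write of 'written' bytes that starts at buf[0]:
 * 0 means the canary is untouched, CANARY_SIZE means it is fully clobbered. */
size_t canary_bytes_hit(struct layout l, size_t written)
{
    size_t canary_off = l.buf_size + l.pad;
    if (written <= canary_off)
        return 0;
    size_t hit = written - canary_off;
    return hit > CANARY_SIZE ? CANARY_SIZE : hit;
}

/* Chance that a run ends without __stack_chk_fail under an idealised uniform
 * random canary: 1.0 if the write never reaches the canary, otherwise every
 * clobbered byte must happen to equal the byte it replaced, i.e. 256^-hit. */
double no_abort_probability(struct layout l, size_t written)
{
    size_t hit = canary_bytes_hit(l, written);
    double p = 1.0;
    for (size_t i = 0; i < hit; i++)
        p /= 256.0;
    return p;
}

/* xorshift64 with a fixed seed: deterministic stand-in for the per-process
 * random canary the real loader installs. */
static uint64_t canary_state = 0x9E3779B97F4A7C15ULL;

static uint64_t next_canary(void)
{
    uint64_t x = canary_state;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    return canary_state = x;
}

/* Simulate 'runs' separate processes. Each run gets a fresh canary, the frame
 * is smashed with 'overflow' copies of 'fill' plus a terminating NUL (what
 * strcpy of an all-'0' argument writes), then the canary slot is compared
 * against the saved value the way the function epilogue does.
 * Returns the number of runs in which that check would NOT have fired. */
unsigned long simulate_runs(struct layout l, size_t overflow, char fill,
                            unsigned long runs)
{
    unsigned char frame[256];
    size_t canary_off = l.buf_size + l.pad;
    size_t written = overflow + 1;
    if (canary_off + CANARY_SIZE > sizeof frame || written > sizeof frame)
        return 0;   /* model frame too small; refuse rather than overrun it */

    unsigned long no_abort = 0;
    for (unsigned long r = 0; r < runs; r++) {
        uint64_t canary = next_canary();
        memset(frame, 0, sizeof frame);
        memcpy(frame + canary_off, &canary, CANARY_SIZE);   /* prologue stores canary */
        memset(frame, (unsigned char)fill, overflow);       /* the overflowing copy */
        frame[overflow] = '\0';
        if (memcmp(frame + canary_off, &canary, CANARY_SIZE) == 0)
            no_abort++;                                     /* epilogue check passes */
    }
    return no_abort;
}

int main(void)
{
    size_t lens[] = { 10, 20 };   /* the 10-byte case from the thread and the suggested 20 */
    for (size_t i = 0; i < 2; i++) {
        size_t n = lens[i];
        printf("overflow %zu, pad 0: hits %zu canary byte(s), P(no abort) = %g, "
               "%lu of 100000 simulated runs without abort\n",
               n, canary_bytes_hit(tight_layout, n + 1),
               no_abort_probability(tight_layout, n + 1),
               simulate_runs(tight_layout, n, '0', 100000));
        printf("overflow %zu, pad 6: hits %zu canary byte(s), P(no abort) = %g\n",
               n, canary_bytes_hit(padded_layout, n + 1),
               no_abort_probability(padded_layout, n + 1));
    }
    return 0;
}
```

Varying the padding is the point of the model: with 6 bytes of padding a 10-byte overflow never reaches the canary, so every run completes and prints normally; with no padding the same overflow overwrites exactly one canary byte, and the check passes whenever that byte of the fresh random canary happens to equal what was written, roughly 1 run in 256; with 20 bytes the canary is fully overwritten and every simulated run aborts. Whether the real overflow.c frame looks like either layout is exactly what the disassembly would settle.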