stack protector only aborts in 99.5%

Petr Cerny peterph at
Tue May 6 03:21:29 PDT 2008

Lasse Kliemann wrote:
> Compiled with 
>   gcc -U_FORTIFY_SOURCE overflow.c -o overflow
> and invoked this way:
>   ./overflow 10 > out 2>&1
> The file `out' is then examined. A success is if it contains the string 
> 'Aborted' and not the string 'segmentation fault' (case-insensitive). I did 
> several 10.000 runs, and in some cases (no more then 0.5%), the outcome is 
> *not* a success. But instead, the file `out' contains the output of the 
> program, i.e., 0000000000.
> Is this the expected behavior? Could it become a problem?
> What could I try to track this down further?

It might be you are experiencing something I have seen on 64bit systems 
(see the "tests in 5.9. cocoon toolchain" thread from Feb 2008). The 
problem might be some stack alignment due to ABI.

Things you may want to try:

1) smash the stack with longer string (e.g. 20 bytes).

2) disassembling the binary (gdb command 'disassemble') might give you 
some clues - there would be some "unexpected" arithmetics with the stack 
pointer (instead fo plain 'push') or similar.

Best regards

More information about the hlfs-dev mailing list