CVE-2016-3922 is an example of a vulnerability where -fstack-check would prevent exploitation. Reported a few of these a while ago. @marver
GCC makes it hard by documenting that -fstack-check is broken/unsafe-to-use without target backend support.
Because they implemented it wrong rather than as a generic part of stack frame handling. Because GCC.
It should be fixed in GCC 6 and perhaps earlier, but it doesn't work with overly large alloca / VLAs.
There's a way to catch it for VLAs - not alloca (-fsanitize=vla-bound + trapping enabled) but it shouldn't be needed.