diff options
| author | Jakub Jelinek <jakub@redhat.com> | 2019-12-10 22:04:08 +0100 |
|---|---|---|
| committer | Jakub Jelinek <jakub@gcc.gnu.org> | 2019-12-10 22:04:08 +0100 |
| commit | 6b24e342cb30abb5c13e3092929837545a5bd49e (patch) | |
| tree | b77d3b21518543c4c938866fdd9afd705a527070 /gcc/doc/invoke.texi | |
| parent | 6b6a80654c704ee4ec9bb3c951af12353397a1b8 (diff) | |
| download | gcc-6b24e342cb30abb5c13e3092929837545a5bd49e.zip gcc-6b24e342cb30abb5c13e3092929837545a5bd49e.tar.gz gcc-6b24e342cb30abb5c13e3092929837545a5bd49e.tar.bz2 | |
re PR middle-end/92825 (Unnecesary stack protection in Firefox's LightPixel.)
PR middle-end/92825
* cfgexpand.c (add_stack_protection_conflicts): Change return type
from void to bool, return true if at least one stack_vars[i].decl
is addressable.
(record_or_union_type_has_array_p, stack_protect_decl_p): Remove.
(expand_used_vars): Don't call stack_protect_decl_p, instead for
-fstack-protector-strong set gen_stack_protect_signal to true
if add_stack_protection_conflicts returned true. Formatting fixes.
* doc/invoke.texi (-fstack-protector-strong): Clarify that optimized
out variables or variables not living on the stack don't count.
(-fstack-protector): Likewise. Clarify it affects >= 8 byte arrays
rather than > 8 byte.
* gcc.target/i386/pr92825.c: New test.
From-SVN: r279193
Diffstat (limited to 'gcc/doc/invoke.texi')
| -rw-r--r-- | gcc/doc/invoke.texi | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index af3c7f2..236bed9 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -13006,9 +13006,12 @@ on Intel Control-flow Enforcement Technology (CET). Emit extra code to check for buffer overflows, such as stack smashing attacks. This is done by adding a guard variable to functions with vulnerable objects. This includes functions that call @code{alloca}, and -functions with buffers larger than 8 bytes. The guards are initialized -when a function is entered and then checked when the function exits. -If a guard check fails, an error message is printed and the program exits. +functions with buffers larger than or equal to 8 bytes. The guards are +initialized when a function is entered and then checked when the function +exits. If a guard check fails, an error message is printed and the program +exits. Only variables that are actually allocated on the stack are +considered, optimized away variables or variables allocated in registers +don't count. @item -fstack-protector-all @opindex fstack-protector-all @@ -13018,7 +13021,9 @@ Like @option{-fstack-protector} except that all functions are protected. @opindex fstack-protector-strong Like @option{-fstack-protector} but includes additional functions to be protected --- those that have local array definitions, or have -references to local frame addresses. +references to local frame addresses. Only variables that are actually +allocated on the stack are considered, optimized away variables or variables +allocated in registers don't count. @item -fstack-protector-explicit @opindex fstack-protector-explicit |