GCC 4.8.3+ Does anybody aware of Stack Smashing Protection ?
david.holmes at oracle.com
Tue Jun 9 04:21:45 UTC 2015
On 6/06/2015 5:31 AM, Dmitry Samersoff wrote:
> Hi Everybody,
> I'm not sure it affects hotspot but should we care about it?
> Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
> enabled by default. The 4.8 series will enable -fstack-protector
> while 4.9 and later enable -fstack-protector-strong.
We initially added -fstack-protector-all (and related settings under):
We removed the -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 definitions under
8047952 as they broke fastdebug builds.
If we were to make the official compiler one that enables this by
default then we would have to re-examine its affects on all platforms
and the costs involved - and then allow or disable as appropriate.
> SSP is a security feature that attempts to mitigate stack-based buffer
> overflows by placing a canary value on the stack after the function
> return pointer and checking for that value before the function returns.
> If a buffer overflow occurs and the canary value is overwritten, the
> program aborts.
> There is a small performance cost to these features. They can be
> disabled with -fno-stack-protector.
> For more information these options, refer to the GCC Manual, or the
> following articles.
More information about the hotspot-dev