问题
Most of the mature compilers appear to have good support for stack variable clobbers.
- GCC: -fstack-protector
- xlC: -qstackprotect
- intel: -fstackprotector
- windows: /RTC
For clang I've found -fsanitize=safe-stack, but it doesn't support shared libraries, which makes it pretty much useless for me.
It looks like that sanitizer is implemented as an add-on? Does anybody know if clang has any sort of alternate (built-in?) anti stack-smashing support that doesn't have the no shared library restriction, or if there are plans to generalize the existing limited safe-stack implementation to catch up to all the other compilers?
回答1:
clang support gcc's -fstack-protector option:
:: clang --help | grep stack-protector
-fno-stack-protector Disable the use of stack protectors
-fstack-protector-all Force the usage of stack protectors for all functions
-fstack-protector-strong
-fstack-protector Enable stack protectors for functions potentially vulnerable to stack smashing
And I believe it follows what GCC does here.
回答2:
Do you want to find hidden memory bugs in your app or harden it for production use? For the former you can go with -fsanitize=address which is available both in GCC and in Clang, provides excellent buffer overflow detection and can be applied to parts of your program (you won't detect all errors in this case). It's not suitable for production use though as it has a 2x performance penalty and makes program more vulnerable to external attacks.
来源:https://stackoverflow.com/questions/39371514/stack-protect-equivalent-in-clang-compiler