Hi Everyone, Following is the program that worked (or didn't worked, whatever). #include<stdio.h> #include<stdlib.h> void buffer_overflow ( ) { long int i = 0; char str[29]; for ( i = 0; i < 50; i++){ str[i] = '\0'; } } int main () { buffer_overflow ( ); exit ( 0); } # ./a.out *** stack smashing detected ***: <unknown> terminated Aborted # The difference between the old one and new one is that the buffer (.i.e. str) is now allocated on the stack of function “buffer_overflow”. While earlier it was part of “main” function, so I was actually corrupting stack of “main” function rather then “buffer_overflow”. Thanks to John Love-Jensen (www.nabble.com), who pointed out that, I am actually smashing function main’s stack. Slowly and slowly I am starting to believe in the term “Global Village”. :-) Learning’s: 1. SSP (SS Protection) is actually helpful in detecting case of small buffer overflows, if the function goes really haywire no one can protect it. Actually it should be called SSD (Stack Smashing Detection) rather than SSP as it doesn't protect but detects. 2. One can mix signal handling for SIGABRT with “-fstack-protector”, if one is looking for recovery/cleanup also. Though I am not sure whether it's good idea. For example: #include <stdio.h> #include <stdlib.h> #include <signal.h> void buffer_overflow ( ) { long int i; char str[29]; for ( i = 0; i < 50; i++) { str [i] = '\0'; } printf ( "Loop finished\n"); } void sig_abrt_hand ( int i, siginfo_t* inf, void* j) { printf ( "sig_abrt_hand\n"); exit ( 1); } int main () { struct sigaction act; act.sa_sigaction = sig_abrt_hand; //act.sa_handler = SIG_IGN; // Bad idea sigaction ( SIGABRT, &act, NULL); printf ( "SSP Demo\n"); buffer_overflow ( ); exit ( 0); } And finally the one with function “main” getting smashed. Due thanks to Sharath who directed me towards Google groups. http://www.orkut.com/Profile.aspx?uid=13571966778342355640 And to Mr. Paul Pluzhnikov #include <stdio.h> #include <stdlib.h> void buffer_overflow ( char* str) { long int i; for ( i = 0; i < 999; i++) { str [i] = '\0'; } } int main () { char str[29]; buffer_overflow ( str); return ( 0); } Difference between this one and original one is the “return” as the last statement rather then “exit”, so one should be careful while “exiting” from main. Ashish wrote: > > Hi, > > I am trying to test the buffer protection mechanism of gcc. > > I am running gcc version 4.1.0 and here is my program. > > > #include<stdio.h> > #include<stdlib.h> > > void buffer_overflow ( char* str) > { > long int val = 0; > for ( val = 0; val < 11999; val++){ > str[val] = '\0'; > } > } > > int main () > { > char str[29]; > > buffer_overflow ( str); > > exit ( 0); > } > > > Even after compiling this program with command "gcc -fstack-protector-all > buffer_overflow.c", exactable runs fine without any error. > > Please not that the limit (11999) in function can very from system to > system, so please don't reply that it's giving error on your system. > > According to my thinking even after writing one byte more it should throw > out an error. > > Even after increasing the limit, program gives segmentation fault, whereas > it should give program error. > > Please help me in getting answer for this, or please guide me to any forum > on net where I can get answer of this question. > -- View this message in context: http://www.nabble.com/gcc--fstack-protector-all-option-tf2126623.html#a5901906 Sent from the gcc - Help forum at Nabble.com.