On 07/20/2014 07:49 PM, Vincent Lefevre wrote:
It appears that GCC can generate code that yields silent stack-heap collision under GNU/Linux. I mean, the program doesn't crash (at least not immediately), the memory just gets corrupted. At the same time, this overrides the stack-size limit defined at the kernel level (getrlimit system call / RLIMIT_STACK) because the kernel has no chance to detect the collision (no page fault); thus this limit doesn't protect the user, and the problem seems to be on GCC's side. Why aren't such collisions detected by default?
You can try -fstack-check, but it instruments functions unnecessarily.

--
Florian Weimer / Red Hat Product Security
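An added example, not part of the thread and not GCC's own code, that puts the two frame patterns discussed above side by side in C: a large VLA whose first access is at its far end, which is the layout that can step over the kernel's guard page without a fault, and the same frame probed page by page before use, which is what -fstack-check instrumentation does so that an overrun lands on the guard page and faults instead of silently reaching the heap. It also reads the RLIMIT_STACK soft limit through getrlimit, the kernel-level limit Vincent refers to. The function names, the 0x5a fill byte and the 10000-byte frame size are assumptions for illustration; the sizes are far below any real guard gap, so the program runs safely.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Probe stride: one touch per page, the granularity -fstack-check uses. */
static size_t page_size(void) {
    long ps = sysconf(_SC_PAGESIZE);
    return ps > 0 ? (size_t)ps : 4096;      /* 4096 is only a fallback assumption */
}

/* Number of page probes a frame of frame_bytes needs so that no page is skipped. */
size_t probes_needed(size_t frame_bytes, size_t page) {
    return (frame_bytes + page - 1) / page;
}

/* 1 if the RLIMIT_STACK soft limit would admit a frame of this size on an
   otherwise empty stack, 0 otherwise. As the message notes, the limit only
   protects you if some access actually lands on the guard page. */
int within_stack_limit(size_t frame_bytes) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0) return 0;
    if (rl.rlim_cur == RLIM_INFINITY) return 1;
    return frame_bytes < rl.rlim_cur;
}

/* Fill the frame and return a checksum so the compiler cannot drop the work. */
static uint32_t fill_and_sum(char *buf, size_t bytes) {
    memset(buf, 0x5a, bytes);               /* 0x5a is an arbitrary fill byte */
    uint32_t sum = 0;
    for (size_t i = 0; i < bytes; i++) sum += (unsigned char)buf[i];
    return sum;
}

/* The pattern from the message: a large frame whose first access is at its
   far (lowest-address) end. Without probing, a frame bigger than the guard
   gap can put that first access beyond the guard page, so the heap is
   overwritten and the kernel sees no page fault. The size here is tiny. */
uint32_t unprobed_frame(size_t bytes) {
    char buf[bytes];                        /* VLA: no probes emitted by default */
    volatile char *first = buf;
    first[0] = 0;                           /* first touch at the far end */
    return fill_and_sum(buf, bytes);
}

/* Manual equivalent of -fstack-check probing: touch one byte in every page of
   the new frame from the caller's end downwards before using it. Touched
   offsets are at most one page apart and include both ends, so every page the
   frame occupies, a guard page included, receives an access and faults. */
static void probe_pages(volatile char *base, size_t len, size_t page) {
    size_t off = len;
    while (off > 0) {
        base[off - 1] = 0;
        off = off > page ? off - page : 0;
    }
    base[0] = 0;
}

uint32_t probed_frame(size_t bytes) {
    char buf[bytes];
    probe_pages(buf, bytes, page_size());   /* probe before the first real use */
    return fill_and_sum(buf, bytes);
}

int main(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) == 0)
        printf("RLIMIT_STACK soft limit: %llu bytes\n",
               (unsigned long long)rl.rlim_cur);
    size_t page = page_size();
    size_t n = 10000;                       /* constructed demo frame size */
    printf("page size %zu, frame %zu bytes -> %zu probes\n",
           page, n, probes_needed(n, page));
    printf("unprobed checksum %u, probed checksum %u\n",
           unprobed_frame(n), probed_frame(n));
    return 0;
}
```

Both frames return the same checksum; the difference is only in which addresses get touched first, which is exactly what decides whether the kernel's guard page ever sees the access. Compiling with -fstack-check makes GCC emit the equivalent of probe_pages for every frame, which is the cost Florian refers to; GCC 8 and later also provide -fstack-clash-protection, which probes only frames large enough to skip a page and so keeps the check without instrumenting small functions.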