On Mon, Mar 25, 2019 at 03:01:25PM +0100, Florian Weimer wrote: > * Xi Ruoyao: > > > On 2019-03-25 13:06 +0000, Jonny Grant wrote: > >> > >> I built & ran with the Sanitizer, it seems it's also stack overflow > >> within the operator new() > >> > >> I had thoughts GCC would generate code that monitored the stack size and > >> aborted with a clear message when the stack size was exceeded. Looked > >> online, and it doesn't seem to be the case. > > > > Impossible. We can't distinguish "stack overflow" with other segmentation > > faults. > > I think “impossible” is too strong. > > It would be possible to annotate implicit probes and explicit probes > generated by -fstack-clash-protection in DWARF, and use that > information to generate a more precise error message. > > Or we could set a bit on the guard page that instructs the kernel to > report an additional fault flag somewhere in siginfo_t. In fact, with > protection keys, we could do this today, without any kernel changes > whatsoever (but protection flags are not widely supported, > unfortunately). > > The second approach will have false positives, but as buffer overflows > tend to proceed towards higher addresses and stacks grow downward, > only really bogus pointers would be misreported (and once you have > those, all bets are off anyway). Another thing that could be done is looking if the instruction that faulted uses the (ABI or arch mandated) stack pointer. This will catch most common cases, for example most unbounded recursions. It isn't perfect of course but would be quite helpful normally, esp. if it said something like "this look like a stack overflow". Segher
