c - Order of variable declaration in asm x86? -

-

here piece of code : 

int main() {    char buffer[64];   int check; ...

as can see, check declared after buffer, in stack, must have check above buffer in stack right?

however, when disassembly (x86) gdb, got :

--> check @ 0xbffff4f8

--> buffer @ 0xbffff4b8

my question : there specific order in stack local variable?

also, have tell tried same thing on computer (x86 too, same gcc compilation options, different gdb version , linux distrib), , order not same...:s

thanks !

ps: if want more details, please see screenshot : (left computer 1 , right computer 2) enter image description here

there -fstack-protect in gcc reorder stack variables, turned on default in linux os variant 10 years, ubuntu, redhat, gentoo. default since gcc 4.8.3 ("4.9 , later enable -fstack-protector-strong.")

ubuntu page gcc defaults: https://wiki.ubuntu.com/toolchain/compilerflags

ubuntu-specific default compiler flags in toolchain used provide additional security features ubuntu. ... default flags -fstack-protector ... first enabled in ubuntu 6.10.

ubuntu page stack protection https://wiki.ubuntu.com/gccssp

gcc 4.1 comes ssp now, nice technology mitigate exploitability of many buffer overflows. ... ssp provides technology stop exploitability of class of vulnerabilities (1) reordering stack variables ... redhat , gentoo using ssp default years

this reordering requires several o(n^2) walks on local variables of function make compilation slower long functions, example "why compiling on 100,000 lines of std::vector::push_back take long time?" - https://stackoverflow.com/a/14034393/196561

deferred allocation forced when -fstack-protect enabled (sometimes needs reorder stack variables). .. cfgexpand.c

969 /* subroutine of expand_one_var.  var variable 970    allocated local stack frame.  return true if wish 971    add var stack_vars coalesced other 972    variables.  return false allocate var immediately. 973  974    function used reduce number of variables considered 975    coalescing, reduces size of quadratic problem.  */ 976  977 static bool 978 defer_stack_allocation (tree var, bool toplevel) 980   /* if stack protection enabled, *all* stack variables must deferred, 981      can re-order strings top of frame.  */

so, gcc reorder stack variables, , strings @ top of frame. try -fno-stack-protector option disable.

as usual, gcc's author don't document how -fstack-protect works in public documentation https://gcc.gnu.org/onlinedocs/gcc/instrumentation-options.html:

-fstack-protector emit code check buffer overflows, such stack smashing attacks. done adding guard variable functions vulnerable objects. includes functions call alloca, , functions buffers larger 8 bytes. guards initialized when function entered , checked when function exits. if guard check fails, error message printed , program exits.

-fstack-protector-all -fstack-protector except functions protected.

-fstack-protector-strong -fstack-protector includes additional functions protected — have local array definitions, or have references local frame addresses.

-fstack-protector-explicit -fstack-protector protects functions have stack_protect attribute.

and documentation of array-before-locals see real, best documentation: source code

https://gcc.gnu.org/viewcvs/gcc/branches/gcc-4_6-branch/gcc/cfgexpand.c?revision=175029&view=markup#l1526 - expand_used_vars()

1533          if (has_protected_decls) 1534            { 1535              /* phase 1 contains character arrays.  */ 1536              expand_stack_vars (stack_protect_decl_phase_1); 1537     1538              /* phase 2 contains other kinds of arrays.  */ 1539              if (flag_stack_protect == 2) 1540                expand_stack_vars (stack_protect_decl_phase_2); 1541            } 1542     1543          expand_stack_vars (null);

phase 1 , phase 2 vars separated stack_protect_decl_phase() https://gcc.gnu.org/viewcvs/gcc/branches/gcc-4_6-branch/gcc/cfgexpand.c?revision=175029&view=markup#l1235

1235    /* return nonzero if decl should segregated "vulnerable" upper 1236       part of local stack frame.  remember if ever return nonzero 1237       variable in function.  return value phase number in 1238       variable should allocated.  */ 1239     1240    static int 1241    stack_protect_decl_phase (tree decl)  ... 1243      unsigned int bits = stack_protect_classify_type (tree_type (decl));  ... 1249      if (flag_stack_protect == 2) 1250        { 1251          if ((bits & (spct_has_small_char_array | spct_has_large_char_array)) 1252              && !(bits & spct_has_aggregate)) 1253            ret = 1; 1254          else if (bits & spct_has_array) 1255            ret = 2; 1256        }

stack_protect_classify_type return bits has_array has_*_char_array arrays of char (both char, unsigned char , signed char)


Comments

Post a Comment

Popular posts from this blog

Delphi XE2 Indy10 udp client-server interchange using SendBuffer-ReceiveBuffer -

-
i use delphi xe2 , indy10 udp protocol. can't receive server echo on client side if use receivebuffer method. got "socket error # 10040" although send small echo message server client. console application illustrate problem below. in advance. program project1; {$apptype console} {$r *.res} uses system.sysutils, idglobal, idbasecomponent, idcomponent, idsockethandle, idudpclient, idudpserver, idudpbase, idstack; type tudp_serv = class(tidudpserver) procedure udpsvudpread(athread: tidudplistenerthread; adata: tidbytes; abinding: tidsockethandle); end; var udpserver: tudp_serv; udpcl: tidudpclient; bsnd, brcv: tbytes; s: string; k: integer; //============================================================================== procedure tudp_serv.udpsvudpread(athread: tidudplistenerthread; adata: tidbytes; abinding: tidsockethandle); begin writeln(' server read: ' + tohex(adata, length(adata))); abinding sendto(peerip, peerport, adat...
Read more

Qt ActiveX WMI QAxBase::dynamicCallHelper: ItemIndex(int): No such property in -

-
i new windows programming. here goes code objiwbemlocator = new qaxobject("wbemscripting.swbemlocator"); objwmiservice = objiwbemlocator->querysubobject("connectserver(qstring&,qstring&)",qstring("."),qstring("root\\cimv2")); qaxobject* returnlist = objwmiservice->querysubobject("execquery(qstring&)", qstring("select * %1").arg(domain)); qaxobject* result = returnlist->querysubobject("itemindex(int)", 0); i getting error on runtime qt activex wmi qaxbase::dynamiccallhelper: itemindex(int): no such property in but itemindex method exists msdn says the itemindex method not work collections not contain swbemobjects, such swbemmethodset, swbemnamedvalueset, swbemprivilegeset, swbempropertyset, , swbemqualifierset. what selecting ? have tried iterating on collection ? plus need minimum windows vista itemindex method. hope helps
Read more

Enable autocomplete or intellisense in Atom editor for PHP -

-
i'm first time user of atom editor php code. atom can autocomplete built-in functions of php. possible make editor autocomplete custom function written in separate file? function.php <?php function printsomething() { echo "hello world"; } index.php <?php require_once "function.php"; printsomething(); // autocompleted atom editor while typing thanks in advance. there text file in %userprofile%.atom called snippets.cson. in there can add snippet. more this: http://flight-manual.atom.io/using-atom/sections/snippets/ but need think can use later on other files well. otherwise need copy , paste.
Read more