-qstackprotect
In z/OS® XL C/C++, -qstackprotect provides protection against malicious input data or programming errors that overwrite or corrupt the stack.
In Open XL C/C++ for z/OS, -fstack-protector, -fstack-protector-strong, and -fstack-protector-all are functionally similar to -qstackprotect.
If you used -qstackprotect=size=n to specify a minimum array size in z/OS XL C/C++, you can specify -fstack-protector with --param ssp-buffer-size=n in Open XL C/C++ for z/OS.
When -qstackprotect is in effect in z/OS XL C/C++, if the compiler considers a function might be vulnerable and need protection but could become a leaf procedure, it chooses to make the function a leaf procedure instead of protecting it. When Open XL C/C++ for z/OS considers a function might be vulnerable and need protection but could become a leaf procedure, it chooses to protect the function instead of making it a leaf procedure. Because -fstack-protector-all prevents all functions from getting optimized into a leaf procedure, it might have a greater performance impact than -qstackprotect=all does.
In z/OS XL C/C++, when -qstackprotect is in effect, the compiler considers the following objects as potentially vulnerable: arrays of any type, variable length arrays, objects that are created from the alloca() function, and variables that have their address taken. In Open XL C/C++ for z/OS, when -fstack-protector is in effect, the compiler considers only char (or 8-bit integer) arrays and objects that are created from the alloca() function as potentially vulnerable objects.
With -fstack-protector-strong, Open XL C/C++ for z/OS considers the same set of object types as potentially vulnerable objects as z/OS XL C/C++ does with -qstackprotect. However, with -fstack-protector-strong, Open XL C/C++ for z/OS does not apply any minimum array size requirement, and --param ssp-buffer-size=N is ignored. In other words, compared to -qstackprotect=size=N, -fstack-protector --param ssp-buffer-size=N is weaker and protects fewer functions, while -fstack-protector-strong is equivalent to -qstackprotect=size=0. So when N is not equal to 0, -fstack-protector-strong is stronger and protects more functions than -qstackprotect=size=N.
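The following translation unit is an added example, not code from the IBM documentation. It gives one function per object category described above, so that you can compile it with each option and compare in the generated code which functions receive protection. All function names are hypothetical, and the ssp-buffer-size value of 8 in the comments is a sample value.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: copies at most cap-1 bytes and terminates dst. */
static size_t bounded_copy(char *dst, size_t cap, const char *src) {
    size_t i = 0;
    while (i + 1 < cap && src[i] != '\0') { dst[i] = src[i]; i++; }
    dst[i] = '\0';
    return i;
}

/* 64-byte char array: a candidate under -qstackprotect, under
   -fstack-protector (64 >= sample ssp-buffer-size of 8) and under
   -fstack-protector-strong. */
size_t copy_name(const char *src) {
    char buf[64];
    return bounded_copy(buf, sizeof buf, src);
}

/* 4-byte char array: below a minimum size of 8, so skipped by
   -fstack-protector --param ssp-buffer-size=8 and -qstackprotect=size=8;
   still a candidate under -fstack-protector-strong (size is ignored). */
size_t tag_len(const char *src) {
    char tag[4];
    return bounded_copy(tag, sizeof tag, src);
}

/* int array: not a char array, so not a candidate under -fstack-protector;
   a candidate under -qstackprotect and -fstack-protector-strong. */
int sum_squares(int n) {
    int sq[16], total = 0;
    if (n > 16) n = 16;
    for (int i = 0; i < n; i++) sq[i] = i * i;
    for (int i = 0; i < n; i++) total += sq[i];
    return total;
}

/* Address-taken scalar: same classification as the int array. */
static void bump(int *p) { *p += 1; }
int count_twice(int start) { int c = start; bump(&c); bump(&c); return c; }

/* Scalars only: no listed object type; only an "all" setting covers it. */
int add(int a, int b) { return a + b; }

int main(void) {
    printf("%zu %zu %d %d %d\n", copy_name("z/OS"), tag_len("ABCDEF"),
           sum_squares(4), count_twice(5), add(2, 3));
    return 0;
}
```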