-fstack-protector (-qstackprotect)

Pragma equivalent

None.

Purpose

Provides protection against malicious input data or programming errors that overwrite or corrupt the stack.

Syntax

Read syntax diagramSkip visual syntax diagram
   .- -fno-stack-protector---------------------------.   
>>-+- -fstack-protector------------------------------+---------><
   +- -fstack-protector-all--------------------------+   
   +- -fstack-protector-strong-----------------------+   
   '- -fstack-protector --parm ssp-buffer-size--=--N-'   

Read syntax diagramSkip visual syntax diagram
        .-nostackprotect----------------------.   
        |                      .-proc-------. |   
>>- -q--+-stackprotect----=----+-all--------+-+----------------><
                               +-size--=--N-+     
                               +-strong-----+     
                               '-warn-------'     

Defaults

-fno-stack-protector (-qnostackprotect) when -fstack-protector (-qstackprotect) is not specified.

-fstack-protector (-qstackprotect=proc) when -fstack-protector (-qstackprotect) is specified without a suboption.

Parameters

all
Protects all functions whether or not functions have vulnerable objects.
proc (-qstackprotect only)
Provides code to prevent buffer overflows. It is equivalent to the -fstack-protector option.
size=N (-qstackprotect only), --parm ssp-buffer-size=N (-fstack-protector only)
Protects all functions that contain automatic arrays whose sizes are greater than or equal to N bytes. The default size is 8 bytes when the -fstack-protector (-qstackprotect) option is enabled.
strong
Protects additional functions that have local array definitions or that have references to local frame addresses.
warn (-qstackprotect only)
Issues warnings when the size of the array contained in the function is less than N bytes. It is equivalent to the -Wstack-protector option. The -Wstack-protector option is active only when -fstack-protector is active. For more details about the -Wstack-protector option, see the GNU Compiler Collection online documentation at http://gcc.gnu.org/onlinedocs/.

Usage

-fstack-protector (-qstackprotect) generates extra code to protect functions with vulnerable objects against stack corruption. The -fstack-protector (-qstackprotect) option is disabled by default because it can degrade runtime performance.

To generate code to protect all functions, enter the following command:

xlc myprogram.c -fstack-protector=all

To generate code to protect functions with objects of certain size, enter the following command with the size= parameter set to the object size indicated in bytes:

xlc myprogram.c -qstackprotect=size=8

Predefined macros

None.



Voice your opinion on getting help information Ask IBM compiler experts a technical question in the IBM XL compilers forum Reach out to us