-fstack-protector (-qstackprotect)
Category
Pragma equivalent
None.
Purpose
Provides protection against malicious input data or programming errors that overwrite or corrupt the stack.
Syntax
.- -fno-stack-protector---------------------------. >>-+- -fstack-protector------------------------------+--------->< +- -fstack-protector-all--------------------------+ +- -fstack-protector-strong-----------------------+ '- -fstack-protector --parm ssp-buffer-size--=--N-'
.-nostackprotect----------------------. | .-proc-------. | >>- -q--+-stackprotect----=----+-all--------+-+---------------->< +-size--=--N-+ +-strong-----+ '-warn-------'
Defaults
-fno-stack-protector (-qnostackprotect) when -fstack-protector (-qstackprotect) is not specified.
-fstack-protector (-qstackprotect=proc) when -fstack-protector (-qstackprotect) is specified without a suboption.
Parameters
- all
- Protects all functions whether or not functions have vulnerable objects.
- proc (-qstackprotect only)
- Provides code to prevent buffer overflows. It is equivalent to the -fstack-protector option.
- size=N (-qstackprotect only), --parm ssp-buffer-size=N (-fstack-protector only)
- Protects all functions that contain automatic arrays whose sizes are greater than or equal to N bytes. The default size is 8 bytes when the -fstack-protector (-qstackprotect) option is enabled.
- strong
- Protects additional functions that have local array definitions or that have references to local frame addresses.
- warn (-qstackprotect only)
- Issues warnings when the size of the array contained in the function is less than N bytes. It is equivalent to the -Wstack-protector option. The -Wstack-protector option is active only when -fstack-protector is active. For more details about the -Wstack-protector option, see the GNU Compiler Collection online documentation at http://gcc.gnu.org/onlinedocs/.
Usage
-fstack-protector (-qstackprotect) generates extra code to protect functions with vulnerable objects against stack corruption. The -fstack-protector (-qstackprotect) option is disabled by default because it can degrade runtime performance.
To generate code to protect all functions, enter the following command:
xlc myprogram.c -fstack-protector=all
To generate code to protect functions with objects of certain size, enter the following command with the size= parameter set to the object size indicated in bytes:
xlc myprogram.c -qstackprotect=size=8
Predefined macros
None.