-fstack-protector (-qstackprotect)

Category

Error checking and debugging

Pragma equivalent

None.

Purpose

Provides protection against malicious input data or programming errors that overwrite or corrupt the stack.

Syntax

Read syntax diagramSkip visual syntax diagram
   .- -fno-stack-protector---------------------------.   
>>-+- -fstack-protector------------------------------+---------><
   +- -fstack-protector-all--------------------------+   
   +- -fstack-protector-strong-----------------------+   
   '- -fstack-protector --parm ssp-buffer-size--=--N-'   


Read syntax diagramSkip visual syntax diagram
        .-nostackprotect----------------------.   
        |                      .-proc-------. |   
>>- -q--+-stackprotect----=----+-all--------+-+----------------><
                               +-size--=--N-+     
                               +-strong-----+     
                               '-warn-------'     

Defaults

-fno-stack-protector (-qnostackprotect) when -fstack-protector (-qstackprotect) is not specified.

-fstack-protector (-qstackprotect=proc) when -fstack-protector (-qstackprotect) is specified without a suboption.

Parameters

all
Protects all functions whether or not functions have vulnerable objects.
proc (-qstackprotect only)
Provides code to prevent buffer overflows. It is equivalent to the -fstack-protector option.
size=N (-qstackprotect only), --parm ssp-buffer-size=N (-fstack-protector only)
Protects all functions that contain automatic arrays whose sizes are greater than or equal to N bytes. The default size is 8 bytes when the -fstack-protector (-qstackprotect) option is enabled.
strong
Protects additional functions that have local array definitions or that have references to local frame addresses.
warn (-qstackprotect only)
Issues warnings when the size of the array contained in the function is less than N bytes. It is equivalent to the -Wstack-protector option. The -Wstack-protector option is active only when -fstack-protector is active. For more details about the -Wstack-protector option, see the GNU Compiler Collection online documentation at http://gcc.gnu.org/onlinedocs/.

Usage

-fstack-protector (-qstackprotect) generates extra code to protect functions with vulnerable objects against stack corruption. The -fstack-protector (-qstackprotect) option is disabled by default because it can degrade runtime performance.

To generate code to protect all functions, enter the following command:

xlc myprogram.c -fstack-protector=all

To generate code to protect functions with objects of certain size, enter the following command with the size= parameter set to the object size indicated in bytes:

xlc myprogram.c -qstackprotect=size=8

Predefined macros

None.

Parent topic: Individual option descriptions


Voice your opinion on getting help information Ask IBM compiler experts a technical question in the IBM XL compilers forum Reach out to us