Keil Logo

Technical Support

On-Line Manuals

Compiler User Guide

Preface Overview of the Compiler Getting Started with the Compiler Compiler Features Compiler Coding Practices Compiler Diagnostic Messages Using the Inline and Embedded Assemblers of the AR Compiler Command-line Options -Aopt --allow_fpreg_for_nonfpdata, --no_allow_fpreg_for_ --allow_null_this, --no_allow_null_this --alternative_tokens, --no_alternative_tokens --anachronisms, --no_anachronisms --apcs=qualifier...qualifier --arm --arm_only --asm --asm_dir=directory_name --autoinline, --no_autoinline --bigend --bitband --branch_tables, --no_branch_tables --brief_diagnostics, --no_brief_diagnostics --bss_threshold=num -c -C --c90 --c99 --code_gen, --no_code_gen --comment_section, --no_comment_section --compatible=name --compile_all_input, --no_compile_all_input --conditionalize, --no_conditionalize --cpp --cpp11 --cpp_compat --cpu=list --cpu=name --create_pch=filename -Dname[(parm-list)][=def] --data_reorder, --no_data_reorder --debug, --no_debug --debug_macros, --no_debug_macros --default_extension=ext --dep_name, --no_dep_name --depend=filename --depend_dir=directory_name --depend_format=string --depend_single_line, --no_depend_single_line --depend_system_headers, --no_depend_system_header --depend_target=target --diag_error=tag[,tag,...] --diag_remark=tag[,tag,...] --diag_style=arm|ide|gnu compiler option --diag_suppress=tag[,tag,...] --diag_suppress=optimizations --diag_warning=tag[,tag,...] --diag_warning=optimizations --dollar, --no_dollar --dwarf2 --dwarf3 -E --echo --emit_frame_directives, --no_emit_frame_directive --enum_is_int --errors=filename --exceptions, --no_exceptions --exceptions_unwind, --no_exceptions_unwind --execute_only --extended_initializers, --no_extended_initializer --feedback=filename --float_literal_pools, --no_float_literal_pools --force_new_nothrow, --no_force_new_nothrow --forceinline --fp16_format=format --fpmode=model --fpu=list --fpu=name --friend_injection, --no_friend_injection -g --global_reg=reg_name[,reg_name,...] --gnu --guiding_decls, --no_guiding_decls --help -Idir[,dir,...] --ignore_missing_headers --implicit_include, --no_implicit_include --implicit_include_searches, --no_implicit_include --implicit_key_function, --no_implicit_key_functio --implicit_typename, --no_implicit_typename --info=totals --inline, --no_inline --integer_literal_pools, --no_integer_literal_pool --interface_enums_are_32_bit --interleave -Jdir[,dir,...] --kandr_include -Lopt --library_interface=lib --library_type=lib --liclinger=seconds --link_all_input, --no_link_all_input --list --list_dir=directory_name --list_macros --littleend --locale=lang_country --long_long --loop_optimization_level=opt --loose_implicit_cast --lower_ropi, --no_lower_ropi --lower_rwpi, --no_lower_rwpi -M --md --message_locale=lang_country[.codepage] --min_array_alignment=opt --mm --multibyte_chars, --no_multibyte_chars --multifile, --no_multifile --multiply_latency=cycles --narrow_volatile_bitfields --nonstd_qualifier_deduction, --no_nonstd_qualifie -o filename -Onum --old_specializations, --no_old_specializations --old_style_preprocessing --omf_browse --ool_section_name, --no_ool_section_name -Ospace -Otime --output_dir=directory_name -P --parse_templates, --no_parse_templates --pch --pch_dir=dir --pch_messages, --no_pch_messages --pch_verbose, --no_pch_verbose --pending_instantiations=n --phony_targets --pointer_alignment=num --preinclude=filename --preprocess_assembly --preprocessed --protect_stack, --no_protect_stack --reassociate_saturation, --no_reassociate_saturat --reduce_paths, --no_reduce_paths --remarks --remove_unneeded_entities, --no_remove_unneeded_e --restrict, --no_restrict --retain=option --rtti, --no_rtti --rtti_data, --no_rtti_data -S --share_inlineable_strings, --no_share_inlineable_ --show_cmdline --signed_bitfields, --unsigned_bitfields --signed_chars, --unsigned_chars --split_ldm --split_sections --strict, --no_strict --strict_warnings --string_literal_pools, --no_string_literal_pools --sys_include --thumb --trigraphs, --no_trigraphs --type_traits_helpers, --no_type_traits_helpers -Uname --unaligned_access, --no_unaligned_access --use_frame_pointer, --no_use_frame_pointer --use_pch=filename --using_std, --no_using_std --version_number --vfe, --no_vfe --via=filename --vla, --no_vla --vsn -W --wchar, --no_wchar --wchar16 --wchar32 --whole_program --wrap_diagnostics, --no_wrap_diagnostics Language Extensions Compiler-specific Features C and C++ Implementation Details What is Semihosting? Via File Syntax Summary Table of GNU Language Extensions Standard C Implementation Definition Standard C++ Implementation Definition C and C++ Compiler Implementation Limits

--protect_stack, --no_protect_stack

7.136 --protect_stack, --no_protect_stack

Inserts a guard variable onto the stack frame for each vulnerable function.

The guard variable is inserted between any buffers and the return address entry.
A function is considered vulnerable if it contains a vulnerable array. A vulnerable array is one that has:
  • Automatic storage duration.
  • A character type (char or wchar_t).
In addition to inserting the guard variable and check, the compiler also moves vulnerable arrays to the top of the stack, immediately preceding the guard variable. The compiler stores a copy of the guard variable's value at another location, and uses the copy to check that the guard has not been overwritten, indicating a buffer overflow.

Usage

Use --protect_stack to enable the stack protection feature. Use --no_protect_stack to explicitly disable this feature. If both options are specified, the last option specified takes effect.
The --protect_stack_all option adds this protection to all functions regardless of their vulnerability.
With stack protection, when a vulnerable function is called, the initial value of its guard variable is taken from a global variable:
void *__stack_chk_guard;
You must provide this variable with a suitable value, such as a random value. The value can change during the life of the program. For example, a suitable implementation might be to have the value constantly changed by another thread. In addition, you must implement this function:
void __stack_chk_fail(void);
It is called by the checking code on detection of corruption of the guard. In general, such a function would exit, possibly after reporting a fault.

Default

The default is --no_protect_stack.

Example

In the following function, the array buf is vulnerable and the function is protected when compiled with --protect_stack:
void copy(const char *p)
{
    char buf[4];
    strcpy(buf, p);
}
Non-ConfidentialPDF file icon PDF versionARM DUI0375H
Copyright © 2007, 2008, 2011, 2012, 2014-2016 ARM. All rights reserved. 
  Arm logo
Important information

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies.

Change Settings

Privacy Policy Update

Arm’s Privacy Policy has been updated. By continuing to use our site, you consent to Arm’s Privacy Policy. Please review our Privacy Policy to learn more about our collection, use and transfers
of your data.