Subject: Re: ssp and gcc-4.1
To: None <tech-userlevel@netbsd.org, tech-kern@netbsd.org>
From: Joerg Sonnenberger <joerg@britannica.bec.de>
List: tech-userlevel
Date: 11/07/2006 19:21:59
On Tue, Nov 07, 2006 at 01:16:23PM -0500, Thor Lancelot Simon wrote:
> On Tue, Nov 07, 2006 at 10:09:53AM -0800, Jason Thorpe wrote:
> > 
> > Now, one would think that __builtin_alloca() would be OK with ssp --  
> > after all, the compiler provides both, right?
> 
> I thought this, too.  But I was wrong: the way SSP works, it has to know
> the maximum stack size before entry to each new function (creation of
> each new stack frame) or it can't know where to place the "canary".

I think this is wrong. You have two different stack architectures --
top-down or bottom-up. The latter are pretty much uncritical, as buffer
underflows are rare :-) For the former, you place the canary directly
under the saved IP and it doesn't matter how much stack space the
function consumes. I don't think GCC uses a two canary approach, so
this shouldn't apply.

Joerg
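The frame layout Joerg describes (canary directly below the saved return address, locals and any alloca() region below that), modelled as a toy top-down stack. This is an added example and not code from the thread, NetBSD or GCC; the layout, the STACK_SIZE, CANARY and SAVED_IP constants and the function names are assumptions made for illustration, and real SSP frames differ in detail (GCC places the canary between the locals and the saved frame pointer). The point it shows is the one in the reply: a linear overflow that starts in the buffer or in the alloca() region has to cross the canary before it can reach the saved IP, whatever size the frame ends up being.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of a top-down (downward-growing) stack.  Not GCC's real frame
 * layout or its SSP implementation; every constant and name here is an
 * assumption chosen for the illustration.
 *
 * Frame layout, highest address first:
 *   saved return address (4 bytes)
 *   canary              (4 bytes)   <- directly below the saved IP
 *   fixed-size locals   (the buffer that gets overflowed)
 *   alloca() region     (variable size, decided at run time)
 */

#define STACK_SIZE 4096
#define CANARY     0xA5C3E1F7u   /* constructed canary value */
#define SAVED_IP   0x08048ABCu   /* constructed return address */

enum verdict {
    NO_OVERFLOW      = 0,  /* canary and saved IP untouched */
    CANARY_SMASHED   = 1,  /* the check at function exit would abort */
    IP_SMASHED_QUIET = 2   /* saved IP changed, canary intact: SSP bypass */
};

typedef struct {
    uint8_t mem[STACK_SIZE];
    size_t  sp;            /* index of lowest in-use byte; grows downward */
} stack_t;

typedef struct {
    size_t ip_off, canary_off, buf_off, dyn_off;
} frame_t;

static void push32(stack_t *s, uint32_t v)
{
    s->sp -= 4;
    memcpy(&s->mem[s->sp], &v, sizeof v);
}

static uint32_t load32(const stack_t *s, size_t off)
{
    uint32_t v;
    memcpy(&v, &s->mem[off], sizeof v);
    return v;
}

/* Lay out one frame with 'local' bytes of locals and 'dyn' bytes of alloca(). */
static frame_t build_frame(stack_t *s, size_t local, size_t dyn)
{
    frame_t f;
    memset(s, 0, sizeof *s);
    s->sp = STACK_SIZE;
    push32(s, SAVED_IP);        f.ip_off     = s->sp;
    push32(s, CANARY);          f.canary_off = s->sp;   /* right under the IP */
    s->sp -= local;             f.buf_off    = s->sp;   /* fixed-size locals */
    s->sp -= dyn;               f.dyn_off    = s->sp;   /* alloca() space */
    return f;
}

/* Write n bytes of 'A' upward from 'start', the way a too-long copy would. */
static void overflow_from(stack_t *s, size_t start, size_t n)
{
    if (start + n > STACK_SIZE)
        n = STACK_SIZE - start;
    memset(&s->mem[start], 'A', n);
}

/* What the epilogue canary check would see, and whether the IP survived. */
static enum verdict judge(const stack_t *s, const frame_t *f)
{
    int canary_ok = load32(s, f->canary_off) == CANARY;
    int ip_ok     = load32(s, f->ip_off) == SAVED_IP;
    if (!canary_ok) return CANARY_SMASHED;
    if (!ip_ok)     return IP_SMASHED_QUIET;
    return NO_OVERFLOW;
}

/* Overflow the fixed-size local buffer by writing 'n' bytes into it. */
enum verdict overflow_local(size_t local, size_t dyn, size_t n)
{
    stack_t s;
    frame_t f = build_frame(&s, local, dyn);
    overflow_from(&s, f.buf_off, n);
    return judge(&s, &f);
}

/* Overflow the alloca() region by writing 'n' bytes into it. */
enum verdict overflow_alloca(size_t local, size_t dyn, size_t n)
{
    stack_t s;
    frame_t f = build_frame(&s, local, dyn);
    overflow_from(&s, f.dyn_off, n);
    return judge(&s, &f);
}

int main(void)
{
    size_t dyn;
    /* Whatever alloca() size the function picks at run time, an overflow of
       the 16-byte local buffer that reaches the saved IP is caught. */
    for (dyn = 0; dyn <= 1024; dyn += 256)
        printf("dyn=%4zu: 16 bytes -> %d, 20 bytes -> %d, 24 bytes -> %d\n",
               dyn, overflow_local(16, dyn, 16),
               overflow_local(16, dyn, 20), overflow_local(16, dyn, 24));
    /* Same for an overflow that starts in the alloca() region itself. */
    printf("alloca 256: 272 bytes -> %d, 276 bytes -> %d\n",
           overflow_alloca(16, 256, 272), overflow_alloca(16, 256, 276));
    return 0;
}
```

The verdict IP_SMASHED_QUIET is never produced by either overflow in this layout, which is the property the reply relies on: the canary's position is fixed relative to the saved IP, so the frame's total size, including run-time alloca() growth below the locals, does not change what the epilogue check protects. What the model does not cover is a non-linear write (an out-of-bounds index that skips over the canary) or a pointer stored in the locals being overwritten and then dereferenced before the function returns; SSP catches neither, with or without alloca().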