Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 1416] crash (stack smashing) on single

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 28 May 2007 00:46:25 -0700
Jeff Morriss wrote:

bugzilla-daemon@xxxxxxxxxxxxx wrote:
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416


stephentfisher@xxxxxxxxx changed:

[...]

Your SuSE system must have -fstack-protector / -fstack-protector-all enabled by
default in gcc.  More information about this implementation can be found at
http://www.trl.ibm.com/projects/security/ssp/node4.html for those who are
curious.

Should we turn this on in development builds (especially for the fuzz bot)?

The fuzz testing used to be done on a machine whose OS included a veersion of GCC that didn't support a "-fstack-protector" option. That machine was replaced by a machine running a later version of that OS, but the man page for GCC in that OS lists "-fstack-check", "-fstack-limit-register", and "-fstack-limit-symbol", but not "-fstack-protector" or "-fstack-protector-all".

That machine also appears to be the fastest of all the buildbot machines, so it'd probably be the fastest one for fuzz testing. However, if another machine has a GCC that supports "-fstack-protector", that might be the machine to use (and perhaps to upgrade to a faster system).