Using gcc stack debug skill
Stack errors are hard to debug, but GCC provides tools that help. As we know, gcc has three options for debugging the stack:
- -fstack-protector
- -fstack-protector-strong
- -fstack-protector-all (applies to all functions)
Here we only look at -fstack-protector-all; see the code example below.
#include <stdio.h>
#include <string.h>

void bar(char* str)
{
    char buf[4];
    strcpy(buf, str);  /* deliberate overflow: 15 bytes copied into a 4-byte buffer */
}

void foo()
{
    printf("It survived!");
}

int main(void)
{
    bar("Longer than 4.");
    foo();
    return 0;
}
The code is obviously wrong: bar() copies more data than its 4-byte buffer can hold. Compile it with gcc -ggdb -fstack-protector-all stack.c -o stack.
Run it under gdb and you will find the stack error.
gdb stack
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.3) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from stack...done.
(gdb) run
Starting program: /home/zjb/Documents/test/stack
*** stack smashing detected ***: /home/zjb/Documents/test/stack terminated
Program received signal SIGABRT, Aborted.
0x00007ffff7a47c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt full
#0 0x00007ffff7a47c37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
resultvar = 0
pid = 25535
selftid = 25535
#1 0x00007ffff7a4b028 in __GI_abort () at abort.c:89
save_stage = 2
act = {__sigaction_handler = {sa_handler = 0x7ffff7a21ca8, sa_sigaction = 0x7ffff7a21ca8}, sa_mask = {__val = {140737353977856, 140737488346240, 140737351925564,
140733193388032, 524302793, 1, 3, 140737353979144, 140737351927990, 0, 140737488345920, 140737347931440, 140737488346192, 140737347942264, 8192231,
140737488346176}}, sa_flags = -136470528, sa_restorer = 0x0}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007ffff7a842a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff7b93db0 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
ap = {{gp_offset = 32, fp_offset = 0, overflow_arg_area = 0x7fffffffdd50, reg_save_area = 0x7fffffffdce0}}
fd = 3
on_2 = <optimized out>
list = <optimized out>
nlist = <optimized out>
cp = <optimized out>
written = <optimized out>
#3 0x00007ffff7b1f87c in __GI___fortify_fail (msg=<optimized out>, msg@entry=0x7ffff7b93d98 "stack smashing detected") at fortify_fail.c:38
do_abort = 1
#4 0x00007ffff7b1f820 in __stack_chk_fail () at stack_chk_fail.c:28
No locals.
#5 0x000000000040062f in bar (str=0x400751 "Longer than 4.") at stack.c:8
buf = "Long"
#6 0x000000000040068e in main () at stack.c:17
No locals.
(gdb) help bt
Print backtrace of all stack frames, or innermost COUNT frames.
With a negative argument, print outermost -COUNT frames.
Use of the 'full' qualifier also prints the values of the local variables.
Use of the 'no-filters' qualifier prohibits frame filters from executing
on this backtrace.
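Frame #4 of the backtrace is __stack_chk_fail, called as bar() returns. The following added example (not code from the original post) models that guard check and shows a bounded copy that leaves the guard intact; the struct layout, the GUARD constant and the function names are assumptions made for illustration.

```c
/* Added example: a model of the guard check around bar(). Layout and names are
 * assumptions; the real guard sits in the stack frame and the compiler emits the check. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GUARD 0x00a5c3e1u  /* constructed constant; the real guard is chosen at program start */

struct frame {             /* simplified frame: the guard sits just above the locals */
    char buf[4];
    unsigned int guard;
    char pad[16];          /* room for the model overflow to land in */
};

/* Prologue: place the guard above the local buffer. */
static void frame_enter(struct frame *f) {
    memset(f, 0, sizeof *f);
    f->guard = GUARD;
}

/* Epilogue: 1 if the guard survived, 0 where real code would call __stack_chk_fail. */
static int frame_leave(const struct frame *f) {
    return f->guard == GUARD;
}

/* Unchecked copy, like strcpy(buf, str) in bar(); clamped only to the model frame. */
static int bar_unchecked(const char *str) {
    struct frame f;
    size_t n = strlen(str) + 1;
    frame_enter(&f);
    if (n > sizeof f) n = sizeof f;
    memcpy((char *)&f, str, n);
    return frame_leave(&f);
}

/* Bounded copy: truncate to the buffer size and always terminate. */
static int bar_bounded(const char *str) {
    struct frame f;
    size_t n = strlen(str);
    frame_enter(&f);
    if (n > sizeof f.buf - 1) n = sizeof f.buf - 1;
    memcpy(f.buf, str, n);
    f.buf[n] = '\0';
    return frame_leave(&f);
}

int main(void) {
    printf("unchecked: guard %s\n", bar_unchecked("Longer than 4.") ? "intact" : "smashed");
    printf("bounded:   guard %s\n", bar_bounded("Longer than 4.") ? "intact" : "smashed");
    return 0;
}
```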