Not only -fstack-check protects from this exploit, also
the new clang -fcpi checker in levee https://github.com/cpi-llvm and of course the old -fsanitize=address.
-fcps does not catch it.
I haven't checked -fsanitize=safe-stack yet, as my old levee build didn't offer that.
2 comments
[ 2.8 ms ] story [ 10.6 ms ] thread-fcps does not catch it.
I haven't checked -fsanitize=safe-stack yet, as my old levee build didn't offer that.