My guess is that message means that the program has used up all of the available stack and therefore can no longer continue executing. I would guess that the code for the program uses a local variable to hold the contents of the file. So there's no problem reading in a small file but there is reading in a larger file. If that is the case, the solution is to allocate memory from the heap (i.e. using malloc or new) to hold the contents of the file.

But isn't that a stack overflow, not a stack smash?

A stack smash normally occurs when you overflow a buffer and overwrite the function call's return address, so when the stack tries to pop it goes into la-la land.

"Smashing the stack" colloquially refers to exploiting a buffer overflow (where do you think that buffer is? On the heap? No, it's on the stack, so the overflow is a stack overflow) deliberately in order to change the return address. The OS can't distinguish malicious intent from an accident, however, so it assumes that anything that tries to overwrite the return address is an attempted stack smash.

This article was originally published on the Red Hat Customer Portal. The information may no longer be current. Co-contributors: Dhiru Kholia and Florian Weimer.

GCC upstream and Fedora 19 recently improved the stack smashing protector. Each time we add more security instrumentation, we also uncover some previously hidden bugs. This post shows how to debug stack protector failures.

Our example debugging session is based on a GNOME bug report for Evolution. Vadim Rutkovsky reported that Evolution 3.9.4 in Fedora rawhide crashed during the initial setup when built with the -fstack-protector-strong flag. The crash in question looked like this:

    $ evolution
    *** stack smashing detected ***: evolution terminated
    /usr/lib64/evolution/3.10/libevolution-mail.so(e_mail_config_service_page_add_scratch_source+0x344)

Notice the message "stack smashing detected", which implies that GCC's stack protector feature is being used. The GCC flags -fstack-protector and -fstack-protector-all activate the Stack Smashing Protector (SSP). When any of these flags are used, GCC instruments the function return instruction with a probabilistic check that the stack frame is not corrupted. This happens before the jump to the return address popped off the stack, and is intended to make exploitation of stack-based buffer overflows for arbitrary code execution more difficult.

The stack protector uses a canary value in the stack frame. The inserted check fails if the canary differs from the expected value loaded from a global variable. Previously, GCC offered only two stack protector modes, -fstack-protector and -fstack-protector-all.
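To make the canary check described above concrete, here is a small C model added to this page; it is example code, not GCC's or glibc's implementation. A struct (`model_frame`) stands in for a stack frame, with a 16-byte local buffer followed by a canary slot, and a global constant (`g_stack_chk_guard`, a constructed value rather than the randomized one a real process gets) plays the role of the reference copy that the epilogue check loads. `copy_into_frame` performs an unchecked copy into the buffer and then runs the model's epilogue check; the three `demo_*` functions feed it constructed inputs. All of these names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack-protected frame (example code, not GCC's or
 * glibc's implementation): a 16-byte local buffer followed by an 8-byte
 * canary slot, mirroring how SSP places the canary between local arrays
 * and the saved frame pointer / return address. */
enum { BUF_SIZE = 16, CANARY_SIZE = sizeof(uint64_t) };

struct model_frame {
    unsigned char data[BUF_SIZE + CANARY_SIZE]; /* [0,16) buffer, [16,24) canary */
};

/* Reference copy the epilogue compares against. Real SSP loads it from a
 * global or thread-local slot that is randomized at process start; this
 * constant is a constructed stand-in. */
static const uint64_t g_stack_chk_guard = 0x5f6e2d9b1c7a3e45ULL;

/* Model prologue: store the canary in the frame right after the buffer. */
static void prologue(struct model_frame *f) {
    memcpy(f->data + BUF_SIZE, &g_stack_chk_guard, CANARY_SIZE);
}

/* Model epilogue: 1 if the canary still matches the reference, 0 if the
 * frame was smashed (where real code would call __stack_chk_fail). */
static int epilogue_check(const struct model_frame *f) {
    uint64_t stored;
    memcpy(&stored, f->data + BUF_SIZE, CANARY_SIZE);
    return stored == g_stack_chk_guard;
}

/* A function whose body copies n bytes into its 16-byte local buffer with
 * no bounds check. n is clamped to the modelled frame so the model itself
 * stays well-defined; the logical overrun past BUF_SIZE is what the canary
 * is meant to detect. Returns the epilogue check result. */
int copy_into_frame(const unsigned char *src, size_t n) {
    struct model_frame f;
    memset(f.data, 0, sizeof f.data);
    prologue(&f);
    if (n > sizeof f.data) n = sizeof f.data;
    memcpy(f.data, src, n);
    return epilogue_check(&f);
}

/* Constructed inputs. */
int demo_in_bounds(void) {      /* exactly 16 bytes: canary untouched -> 1 */
    unsigned char in[BUF_SIZE];
    memset(in, 'A', sizeof in);
    return copy_into_frame(in, sizeof in);
}

int demo_overrun(void) {        /* 24 bytes: the last 8 clobber the canary -> 0 */
    unsigned char in[BUF_SIZE + CANARY_SIZE];
    memset(in, 'A', sizeof in);
    return copy_into_frame(in, sizeof in);
}

int demo_overrun_missed(void) { /* overrun whose extra bytes equal the canary -> 1 */
    unsigned char in[BUF_SIZE + CANARY_SIZE];
    memset(in, 'A', BUF_SIZE);
    memcpy(in + BUF_SIZE, &g_stack_chk_guard, CANARY_SIZE);
    return copy_into_frame(in, sizeof in);
}

int main(void) {
    printf("in-bounds copy:          %s\n", demo_in_bounds()      ? "intact" : "smashed");
    printf("8-byte overrun:          %s\n", demo_overrun()        ? "intact" : "smashed");
    printf("overrun matching canary: %s\n", demo_overrun_missed() ? "intact" : "smashed");
    return 0;
}
```

The third case is what the text means by a probabilistic check: an overrun whose bytes happen to reproduce the canary is not noticed, which is why the real guard is chosen at process start and kept where the program's own data never copies it (glibc also zeroes the guard's lowest-addressed byte so that C string functions stop before reaching it). When a real check fails, glibc's __stack_chk_fail prints the "*** stack smashing detected ***" message seen in the Evolution crash; putting a breakpoint on that function in gdb is the usual way to find which frame was corrupted.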
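The answer above recommends holding a file's contents in heap memory rather than in a local array. The following C function, added here as example code and not taken from the answer, reads a stream of any length into a malloc'd buffer that doubles whenever it fills, so no fixed-size stack buffer has to guess the file size in advance. `roundtrip_bytes` is a constructed self-check that writes a temporary file of the requested size and reads it back; both function names are the example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read an entire stream into a heap buffer that grows as needed. Example
 * code added to this page, not from the answer it illustrates. Returns a
 * malloc'd, NUL-terminated buffer and sets *out_len, or returns NULL on
 * allocation failure or read error. Because the size is discovered while
 * reading, no fixed-size local array has to guess it. */
char *read_stream_to_heap(FILE *fp, size_t *out_len) {
    size_t cap = 4096, len = 0;
    char *buf = malloc(cap + 1);             /* +1 for the terminating NUL */
    if (buf == NULL) return NULL;

    for (;;) {
        size_t n = fread(buf + len, 1, cap - len, fp);
        len += n;
        if (n == 0) {
            if (ferror(fp)) { free(buf); return NULL; }
            break;                           /* clean EOF */
        }
        if (len == cap) {                    /* buffer full: double it */
            if (cap > SIZE_MAX / 2) { free(buf); return NULL; }
            char *tmp = realloc(buf, cap * 2 + 1);
            if (tmp == NULL) { free(buf); return NULL; }
            buf = tmp;
            cap *= 2;
        }
    }
    buf[len] = '\0';
    *out_len = len;
    return buf;
}

/* Constructed self-check: write `count` bytes of a known pattern to a
 * temporary file, read it back through read_stream_to_heap, and return the
 * byte count read, or (size_t)-1 on any failure or content mismatch. */
size_t roundtrip_bytes(size_t count) {
    FILE *fp = tmpfile();
    if (fp == NULL) return (size_t)-1;
    for (size_t i = 0; i < count; i++) fputc((int)(i & 0xff), fp);
    rewind(fp);

    size_t len = 0;
    char *data = read_stream_to_heap(fp, &len);
    fclose(fp);
    if (data == NULL) return (size_t)-1;

    size_t result = len;
    for (size_t i = 0; i < len; i++) {
        if ((unsigned char)data[i] != (i & 0xff)) { result = (size_t)-1; break; }
    }
    free(data);
    return result;
}

int main(int argc, char **argv) {
    /* With a path argument, read that file; otherwise run the self-check. */
    if (argc > 1) {
        FILE *fp = fopen(argv[1], "rb");
        if (fp == NULL) { perror(argv[1]); return 1; }
        size_t len = 0;
        char *data = read_stream_to_heap(fp, &len);
        fclose(fp);
        if (data == NULL) { fputs("read failed\n", stderr); return 1; }
        printf("read %zu bytes into a heap buffer\n", len);
        free(data);
        return 0;
    }
    printf("self-check: %zu bytes round-tripped\n", roundtrip_bytes(10000));
    return 0;
}
```

The self-check uses 10000 bytes so that the initial 4096-byte allocation has to grow twice, exercising the realloc path; the same function works for a file larger than any sensible stack frame because every byte lands in heap memory.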