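#include <stdio.h>
#include <tchar.h>

/* Deliberately copies a 9-character name (plus terminator) into a
   5-element buffer to exercise the /GS buffer security check. */
void
causeAnOverrun( _TCHAR *badName ){
    _TCHAR myNameBuffer[5] = {0};
    _tcscpy( myNameBuffer, badName );   /* unchecked copy: overruns myNameBuffer */
}

int
_tmain(int argc, _TCHAR* argv[]){
    _TCHAR *name = _T("Long Name");
    causeAnOverrun( name );
    _tprintf( _T("I got past the overflow!!\n") );
    return 0;
}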
Is this a known issue, or should I submit a bug?
George

Is the /GS switch working as expected in Beta 2?
KooT
George: yes, I am now seeing exactly the same behavior. The reason is that with the /O2 (or /Ox) option the optimizer is inlining the call to causeBufferOverrun, but it is also optimizing out the assignment to myNameBuffer (as it isn't used after it is assigned to). If I add some code to your example that makes use of myNameBuffer (I added a call to _tprintf to print it out) the program does blow up as expected.
One thing I did notice was that the code that the compiler generates for the main function is still a bit strange:
; 13 : {
00000 83 ec 0c sub esp, 12 ; 0000000cH
00003 a1 00 00 00 00 mov eax, DWORD PTR ___security_cookie
00008 33 c4 xor eax, esp
0000a 89 44 24 08 mov DWORD PTR __$ArrayPad$[esp+12], eax
; 14 : _TCHAR *name = _T("Long Name");
; 15 :
; 16 : causeAnOverrun( name );
0000e 33 c0 xor eax, eax
$LL5@main:
00010 8a 88 00 00 00
00 mov cl, BYTE PTR ??_C@_09KLCJEKNJ@Long?5Name?$AA@[eax]
00016 83 c0 01 add eax, 1
00019 84 c9 test cl, cl
0001b 75 f3 jne SHORT $LL5@main
; 17 :
; 18 : _tprintf( _T("I got past the overflow!!\n") );
0001d 68 00 00 00 00 push OFFSET ??_C@_0BL@OKHMILLH@I?5got?5past?5the?5overflow?$CB?$CB?6?$AA@
00022 e8 00 00 00 00 call _printf
; 19 :
; 20 : return 0;
; 21 : }
Notice how it is still iterating through the characters of LongName for no reason. I have asked the optimizer team to take a look at this issue.
jochenam
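
Added example, not part of the original thread: a small C model of the /GS check visible in the listing above (cookie XOR esp stored at esp+8 of a 12-byte frame), showing why the overrun is only reported when the copy survives optimization. The frame layout, the cookie and esp values, and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout modelled on the listing (sub esp, 12): 5-byte buffer at
   esp+0, 3 bytes of padding, cookie slot at esp+8. */
#define FRAME_SIZE 12
#define COOKIE_OFF  8
static const uint32_t security_cookie = 0x5EC0C1E5u; /* constructed value */

typedef struct {
    uint8_t  bytes[FRAME_SIZE]; /* buffer, padding and cookie slot */
    uint32_t esp;               /* simulated stack pointer for this call */
} Frame;

/* Prologue: mov eax, cookie / xor eax, esp / mov [esp+8], eax */
static void gs_prologue(Frame *f, uint32_t esp) {
    uint32_t slot = security_cookie ^ esp;
    memset(f->bytes, 0, FRAME_SIZE);
    f->esp = esp;
    memcpy(f->bytes + COOKIE_OFF, &slot, sizeof slot);
}

/* Epilogue: reload the slot, xor with esp, compare with the global cookie. */
static int gs_epilogue_ok(const Frame *f) {
    uint32_t slot;
    memcpy(&slot, f->bytes + COOKIE_OFF, sizeof slot);
    return (slot ^ f->esp) == security_cookie;
}

/* Unchecked copy as in causeAnOverrun, confined to the model frame so the
   demo itself stays memory-safe. do_copy = 0 models the copy being removed
   by the optimizer. Returns 1 if the cookie check passes, 0 if it fires. */
static int run_case(const char *name, int do_copy) {
    Frame f;
    gs_prologue(&f, 0x0012FF60u);           /* constructed esp value */
    if (do_copy) {
        size_t n = strlen(name) + 1;        /* the copy also writes the NUL */
        if (n > FRAME_SIZE) n = FRAME_SIZE; /* clamp applies to the model only */
        memcpy(f.bytes, name, n);
    }
    return gs_epilogue_ok(&f);
}

int main(void) {
    printf("copy kept:    %s\n", run_case("Long Name", 1) ? "ok" : "overrun detected");
    printf("copy removed: %s\n", run_case("Long Name", 0) ? "ok" : "overrun detected");
    printf("8-byte write: %s\n", run_case("Seven!!", 1) ? "ok" : "overrun detected");
    return 0;
}
```

In this model an 8-byte write overruns the 5-byte buffer but stays in the padding below the cookie slot, so the check passes; the cookie guards what lies above the slot, not the buffer itself.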
When I started this little test, and I was looking at the compiler command line in the Output window, I did not see the /GS switch in the command line, even though it looked like it was part of the project properties under Code Generation. So I added it as an additional parameter to the command line. I have since tested without /GS in the command line, and I see the same results in my environment. If I set optimization to /Od or /O1, I can F5 in the IDE and trigger the buffer overrun dialog. If I set optimization to /O2 or /Ox, I do not get the buffer overrun dialog.
If you open up the project properties in the IDE and look at the Code Generation section, then highlight Buffer Security Check and look at the description given for Buffer Security Check, it reads:
"Check for buffer overruns; useful for closing hackable loopholes on internet servers; ignored for projects using CLR support. The default is enabled. (/GS-)"
The description conflicts with itself.
Nathan87
Could you show me the exact cmd-line you used when you didn't get buffer overrun detection? If you add /Bd /Bv to your cmd-line it will show you the exact version of the compiler you are using along with the complete set of cmd-line options that are being used.
Carl97
Let me know if there is any sort of bug I need to file WRT this.
George
Damien Armstrong
Origamidave
Prabhjeet Singh
George: you should go ahead and file the code-generation bug so that a) we don't lose track of it and b) we know that it was found by a customer.
Kashif Chotu
1>------ Rebuild All started: Project: BufferOverflow, Configuration: Release Win32 ------
1>Deleting intermediate and output files for project 'BufferOverflow', configuration 'Release|Win32'
1>Compiling...
1>Compiler Passes:
1> C:\vs2005\VC\bin\cl.exe: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c1.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c1xx.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c2.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\link.exe: Version 8.00.50215.44
1> C:\vs2005\Common7\ide\mspdb80.dll: Version 8.00.50215.44
1> C:\vs2005\VC\bin\1033\clui.dll: Version 14.00.50215.44
1>stdafx.cpp
1>`C:\vs2005\VC\bin\c1xx.dll -zm0x79170000 -il C:\DOCUME~1\geckert\LOCALS~1\Temp\_CL_0a384f45 -f .\stdafx.cpp -Ze -D_MSC_EXTENSIONS -Zp8 -ZB64 -D_INTEGRAL_MAX_BITS=64 -Gs -pc \:/ -D_MSC_VER=1400 -D_MSC_FULL_VER=140050215 -D_WIN32 -D_M_IX86=600 -D_M_IX86_FP=0 -GR -D_CPPRTTI -Zc:forScope -Zc:wchar_t -GF -Og -Oi -Ot -Oy -DWIN32 -DNDEBUG -D_CONSOLE -D_UNICODE -DUNICODE -FD -EHs -D_CPPUNWIND -EHc -D_MT -D_DLL -Ycstdafx.h -FpRelease\BufferOverflow.pch -FoRelease\stdafx.obj -FdRelease\vc80.pdb -W 3 -D_Wp64 -Wp64 -Zi -GS -Bd -nologo -errorreport:prompt -I C:\vs2005\VC\include -I C:\vs2005\VC\atlmfc\include -I C:\vs2005\VC\PlatformSDK\include -I C:\vs2005\VC\PlatformSDK\common\include -I C:\vs2005\SDK\v2.0\include -sqm C:\Documents and Settings\geckert\Application Data\Microsoft\VSCommon\8.0\SQM\sqmcpp80.log'
1>ENC_CWD=c:\vs2005_test\BufferOverflow\BufferOverflow
1>ENC_CL=C:\vs2005\VC\bin\cl.exe
1>ENC_SRC=.\stdafx.cpp
1>ENC_PDB=c:\vs2005_test\BufferOverflow\BufferOverflow\Release\vc80.pdb
1>ENC_CMD=-O2 -DWIN32 -DNDEBUG -D_CONSOLE -D_UNICODE -DUNICODE -FD -EHs -EHc -MD -Ycstdafx.h -Fpc:\vs2005_test\BufferOverflow\BufferOverflow\Release\BufferOverflow.pch -Foc:\vs2005_test\BufferOverflow\BufferOverflow\Release\ -Fdc:\vs2005_test\BufferOverflow\BufferOverflow\Release\vc80.pdb -W3 -c -Wp64 -Zi -TP -GS -Bd -Bv -nologo -errorreport:prompt -IC:\vs2005\VC\include -IC:\vs2005\VC\atlmfc\include -IC:\vs2005\VC\PlatformSDK\include -IC:\vs2005\VC\PlatformSDK\common\include -IC:\vs2005\SDK\v2.0\include -X
1>`C:\vs2005\VC\bin\c2.dll -il C:\DOCUME~1\geckert\LOCALS~1\Temp\_CL_0a384f45 -f .\stdafx.cpp -Gs4096 -dos -Og -Ob2 -Gy -EHs -MD -Yc -FoRelease\stdafx.obj -FdRelease\vc80.idb -W 3 -Zi -GS -Bd -errorreport:prompt'
1>Compiling...
1>Compiler Passes:
1> C:\vs2005\VC\bin\cl.exe: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c1.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c1xx.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\c2.dll: Version 14.00.50215.44
1> C:\vs2005\VC\bin\link.exe: Version 8.00.50215.44
1> C:\vs2005\Common7\ide\mspdb80.dll: Version 8.00.50215.44
1> C:\vs2005\VC\bin\1033\clui.dll: Version 14.00.50215.44
1>BufferOverflow.cpp
1>`C:\vs2005\VC\bin\c1xx.dll -zm0x79170000 -il C:\DOCUME~1\geckert\LOCALS~1\Temp\_CL_2734bcd7 -f .\BufferOverflow.cpp -Ze -D_MSC_EXTENSIONS -Zp8 -ZB64 -D_INTEGRAL_MAX_BITS=64 -Gs -pc \:/ -D_MSC_VER=1400 -D_MSC_FULL_VER=140050215 -D_WIN32 -D_M_IX86=600 -D_M_IX86_FP=0 -GR -D_CPPRTTI -Zc:forScope -Zc:wchar_t -GF -Og -Oi -Ot -Oy -DWIN32 -DNDEBUG -D_CONSOLE -D_UNICODE -DUNICODE -FD -EHs -D_CPPUNWIND -EHc -D_MT -D_DLL -Yustdafx.h -FpRelease\BufferOverflow.pch -FoRelease\BufferOverflow.obj -FdRelease\vc80.pdb -W 3 -D_Wp64 -Wp64 -Zi -GS -Bd -nologo -errorreport:prompt -I C:\vs2005\VC\include -I C:\vs2005\VC\atlmfc\include -I C:\vs2005\VC\PlatformSDK\include -I C:\vs2005\VC\PlatformSDK\common\include -I C:\vs2005\SDK\v2.0\include -sqm C:\Documents and Settings\geckert\Application Data\Microsoft\VSCommon\8.0\SQM\sqmcpp80.log'
1>.\BufferOverflow.cpp(10) : warning C4996: 'wcscpy' was declared deprecated
1> C:\vs2005\VC\include\wchar.h(944) : see declaration of 'wcscpy'
1>ENC_CWD=c:\vs2005_test\BufferOverflow\BufferOverflow
1>ENC_CL=C:\vs2005\VC\bin\cl.exe
1>ENC_SRC=.\BufferOverflow.cpp
1>ENC_PDB=c:\vs2005_test\BufferOverflow\BufferOverflow\Release\vc80.pdb
1>ENC_CMD=-O2 -DWIN32 -DNDEBUG -D_CONSOLE -D_UNICODE -DUNICODE -FD -EHs -EHc -MD -Yustdafx.h -Fpc:\vs2005_test\BufferOverflow\BufferOverflow\Release\BufferOverflow.pch -Foc:\vs2005_test\BufferOverflow\BufferOverflow\Release\ -Fdc:\vs2005_test\BufferOverflow\BufferOverflow\Release\vc80.pdb -W3 -c -Wp64 -Zi -TP -GS -Bd -Bv -nologo -errorreport:prompt -IC:\vs2005\VC\include -IC:\vs2005\VC\atlmfc\include -IC:\vs2005\VC\PlatformSDK\include -IC:\vs2005\VC\PlatformSDK\common\include -IC:\vs2005\SDK\v2.0\include -X
1>`C:\vs2005\VC\bin\c2.dll -il C:\DOCUME~1\geckert\LOCALS~1\Temp\_CL_2734bcd7 -f .\BufferOverflow.cpp -Gs4096 -dos -Og -Ob2 -Gy -EHs -MD -FoRelease\BufferOverflow.obj -FdRelease\vc80.idb -W 3 -Zi -GS -Bd -errorreport:prompt'
1>Linking...
1>Embedding manifest...
1>Build log was saved at "file://c:\vs2005_test\BufferOverflow\BufferOverflow\Release\BuildLog.htm"
1>BufferOverflow - 0 error(s), 1 warning(s)
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========