cancel
Showing results for 
Search instead for 
Did you mean: 

Using stack-protector with CubeIDE

Konami
Senior II

I'm looking for some info about and help with using -fstack-protector and similar compiler options with STM32CubeIde. I've never used these flags before, but enabling them does seem to compile fine. Am I correct in assuming that the GCC supplied with Cube supports this? Where is the implementation of required functions (ie. __stack_chk_guard)? Can I just override these?

Any guidance on how to use these options for STM32?

1 ACCEPTED SOLUTION

Accepted Solutions
FBL
ST Employee

Hello @DB.7ujak​ 

Indeed, it is supported.

In order to use -fstack-protector in STM32CubeIDE, you can follow these steps:

  1. Open your project in CubeIDE, and go to Project > Properties.
  2. In the Properties dialog box, navigate to C/C++ Build > Settings.
  3. In the Settings page, navigate to Tool Settings > MCU C Compiler > Miscellaneous.
  4. In the Miscellaneous page, check the box next to "-fstack-protector" to enable the flag.

0693W00000aHLA0QAO.pngOnce you have enabled -fstack-protector, the required functions, including __stack_chk_guard, will be automatically generated by the compiler. You do not need to override these functions, as they are part of the compiler's implementation. It is a security feature that can prevent buffer overflow.

Hope this helps!

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.


I'm out of offce with limited access to my emails.
Happy New Year!

View solution in original post

2 REPLIES 2
FBL
ST Employee

Hello @DB.7ujak​ 

Indeed, it is supported.

In order to use -fstack-protector in STM32CubeIDE, you can follow these steps:

  1. Open your project in CubeIDE, and go to Project > Properties.
  2. In the Properties dialog box, navigate to C/C++ Build > Settings.
  3. In the Settings page, navigate to Tool Settings > MCU C Compiler > Miscellaneous.
  4. In the Miscellaneous page, check the box next to "-fstack-protector" to enable the flag.

0693W00000aHLA0QAO.pngOnce you have enabled -fstack-protector, the required functions, including __stack_chk_guard, will be automatically generated by the compiler. You do not need to override these functions, as they are part of the compiler's implementation. It is a security feature that can prevent buffer overflow.

Hope this helps!

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.


I'm out of offce with limited access to my emails.
Happy New Year!
DreamOnDirac
Associate III

Hi

According to the GCC documentation, stack-usage and stack-protection is not the same thing.

https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html

stack-usage is indeed useful, but it is not the feature that is requested by the OP.

Eric Stryger has made an excellent post about stack-protection here:

https://mcuoneclipse.com/2019/09/28/stack-canaries-with-gcc-checking-for-stack-overflow-at-runtime/ 

 

I have also made requests on the subject here on this forum

https://community.st.com/t5/stm32cubeide-mcus/please-change-gcc-stack-canary-to-be-weak/td-p/630140 

Best regards

Martin