File tree Expand file tree Collapse file tree
compiler/rustc_codegen_llvm/src
src/doc/rustc/src/codegen-options Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -319,7 +319,7 @@ impl CodegenBackend for LlvmCodegenBackend {
319319 buffer overflow (even in the presence of undefined behavior).
320320
321321 This provides similar security guarantees to Clang's
322- `-fstack-protector= strong`.
322+ `-fstack-protector- strong`.
323323
324324 The exact rules are unstable and subject to change, but
325325 currently, it generates stack protectors for functions that,
Original file line number Diff line number Diff line change @@ -710,7 +710,7 @@ Supported values for this option are:
710710 buffer overflow (even in the presence of undefined behavior).
711711
712712 This provides similar security guarantees to Clang's
713- ` -fstack-protector= strong ` .
713+ ` -fstack-protector- strong ` .
714714
715715 The exact rules are unstable and subject to change, but
716716 currently, it generates stack protectors for functions that,
@@ -720,6 +720,15 @@ Supported values for this option are:
720720 determined by static control flow).
721721 - ` all ` : Generate stack canaries in all functions
722722
723+ rustc does not have a mode equivalent to Clang's (or GCC's)
724+ plain ` -fstack-protector ` - ` -fstack-protector ` is an older heuristic
725+ designed for C, that only protects functions that allocate a
726+ ` char buf[N]; ` buffer on the stack, making it prone to buffer overflows
727+ from length miscalculations. This heuristic is poorly suited for Rust
728+ code. Even in C codebases, ` -fstack-protector-strong ` is nowadays
729+ preferred because plain ` -fstack-protector ` misses many stack
730+ buffer overflows.
731+
723732Stack protectors are not supported on many GPU targets, use of stack
724733protectors on these targets is an error.
725734
You can’t perform that action at this time.
0 commit comments