| 1 |
On 12/24/2017 02:43 AM, Adam Carter wrote: |
| 2 |
> Oh I just noticed that vtv is now default enabled for gcc, so you |
| 3 |
> could try; |
| 4 |
> |
| 5 |
> CXXFLAGS="${CFLAGS} -fvtable-verify=std" |
| 6 |
> |
| 7 |
> I tried this on earlier gccs, and there was a fair bit of breakage so |
| 8 |
> i didnt persue it. Maybe i'll re-try with 7.2 to see how things have |
| 9 |
> progressed. |
| 10 |
|
| 11 |
Would you please elaborate on what types of breakage you saw? |
| 12 |
|
| 13 |
> "security feature that verifies at run time, for every virtual call, |
| 14 |
> that the vtable pointer through which the call is made is valid for the |
| 15 |
> type of the object, and has not been corrupted or overwritten. If an |
| 16 |
> invalid vtable pointer is detected at run time, an error is reported |
| 17 |
> and execution of the program is immediately halted" |
| 18 |
|
| 19 |
I'm extremely new to these types of thing and don't truly understand the |
| 20 |
failure mode of things like this. It sound slike vtable-verify will |
| 21 |
conceptually make things more secure. But I don't know enough to know |
| 22 |
how likely believed to be perfectly happy code will pass or fail such |
| 23 |
vtable verifications. |
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
-- |
| 28 |
Grant. . . . |
| 29 |
unix || die |
Archives