0x330 Compiler


  • Compiler
  • JIT compiler
  • Interpreter


Lexical Analysis

Syntax Analysis

Semantic Analysis



Compilers provide several features to mitigate security risks.

Stack smashing protector

  • Mitigates the risk of stack buffer overflows. It is only a mitigation: it can be bypassed by overwriting the canary with the correct value, or maybe by overwriting the canary’s global reference.
  • Inserts a canary variable at a higher stack address before running the risky function.
  • Checks whether the canary (expected value is on the heap) has been modified after the risky function has run.
/* Note how buffer overruns are undefined behavior and the compilers tend to
   optimize these checks away if you wrote them yourself, this only works
   robustly because the compiler did it itself. */
#include <stdint.h>
#include <stdnoreturn.h>
#include <string.h>

extern uintptr_t __stack_chk_guard;
noreturn void __stack_chk_fail(void);
void foo(const char* str)
{
	uintptr_t canary = __stack_chk_guard;  // automatically inserted by compiler
	char buffer[16];
	strcpy(buffer, str);  // unchecked copy: may overrun buffer and reach the canary
	if ( (canary = canary ^ __stack_chk_guard) != 0 ) // automatically inserted by compiler
		__stack_chk_fail();  // canary changed: abort instead of returning
}
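
The check above can be studied without invoking undefined behavior by modelling the frame as a byte array. This is an added example, not code from the original notes: `model_guard` (a constructed value), `model_call` and `overrun_detected` are hypothetical names. It shows an overrun being detected, and the check passing when the bytes written over the canary slot equal the guard, which is why the guard value has to stay secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed guard for the model; a real runtime chooses a random value
   at program start and keeps it secret. */
static const uintptr_t model_guard = (uintptr_t)0x5a17c0deu;

/* Simulates foo() on a modelled frame: buffer at offset 0, canary slot at
   the next higher address. Returns 1 if the epilogue check would call
   __stack_chk_fail(), 0 otherwise. The copy is clamped to the model so the
   simulation itself never writes out of bounds. */
int model_call(const unsigned char *input, size_t len)
{
	unsigned char frame[BUF_SIZE + sizeof(uintptr_t)] = {0};
	uintptr_t canary;

	memcpy(frame + BUF_SIZE, &model_guard, sizeof model_guard); /* prologue */
	if (len > sizeof frame)
		len = sizeof frame;
	memcpy(frame, input, len);      /* stands in for strcpy(buffer, str) */
	memcpy(&canary, frame + BUF_SIZE, sizeof canary);           /* epilogue */
	return canary != model_guard;
}

/* Runs the model with an input that fills the buffer and then writes
   `tail` over the canary slot. */
int overrun_detected(uintptr_t tail)
{
	unsigned char in[BUF_SIZE + sizeof(uintptr_t)];

	memset(in, 'A', BUF_SIZE);
	memcpy(in + BUF_SIZE, &tail, sizeof tail);
	return model_call(in, sizeof in);
}

int main(void)
{
	printf("fits in buffer:      %d\n",
	       model_call((const unsigned char *)"hello", 6));
	printf("overrun, wrong tail: %d\n", overrun_detected(~model_guard));
	printf("overrun, guard tail: %d\n", overrun_detected(model_guard));
	return 0;
}
```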