question about "-fstack-protector" and fedora

Jakub Jelinek jakub at
Thu Jun 30 13:31:24 UTC 2011

On Thu, Jun 30, 2011 at 03:19:10PM +0200, Reindl Harald wrote:
> as far as i can see fedora is built with "-fstack-protector" and not
> "-fstack-protector-all" - is there a specific reason for not using
> the "all" variant

Sure, it is expensive to set up the canary even when it is obvious
it isn't needed.  We by default use 4 byte+ arrays as the trigger to
add stack canaries (gcc default is 8 byte+), with -fstack-protector-all
you add it even for functions that don't have any stack variables at
all, or that have only scalar vars etc.


More information about the devel mailing list