StackCanaries

Stack canaries, or stack guard values, are a defensive mechanism designed to detect stack-based buffer overflows. A canary value is placed in the function's stack frame, typically between local variables and the control data (the saved frame pointer and the return address).

The program then verifies the canary value before returning from the function. If a buffer overflow has overwritten the canary, the mismatch triggers an abort, stopping the exploit from altering control flow. The canary value is usually chosen randomly at program startup to reduce predictability.

Most modern compilers implement stack canaries as part of stack protection features, such as GCC's -fstack-protector and -fstack-protector-strong, and Clang's equivalents. The canary is stored in a location that is checked on function exit (epilogue). It can be 32-bit or 64-bit depending on architecture. Some systems use multiple canaries or a terminator canary to catch different overflow patterns.

Limitations include: canaries only detect overflows that touch the canary location; they do not prevent overflows elsewhere; information leaks may allow an attacker to learn the canary value, enabling circumvention; they incur runtime and code-size overhead; and they do not protect non-stack memory corruptions.

Related approaches include shadow stacks and control-flow integrity mechanisms, which provide complementary protection against advanced memory corruption attacks.
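
The epilogue check and the first limitation listed above, as an added example that is not part of the original page: a constructed C model of one stack frame. The struct layout, the names canary_init and run_case, and the sample values are assumptions for illustration; a real compiler emits the equivalent check itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame; the layout is an assumption. */
struct frame {
    char     buf[16];    /* buffer the copy is aimed at */
    char     other[8];   /* adjacent local, located before the canary */
    uint64_t canary;     /* guard between locals and control data */
    uint64_t saved_ret;  /* stands in for the saved return address */
};

enum outcome { CLEAN, SILENT_CORRUPTION, DETECTED };
static uint64_t reference_canary;

/* Startup: choose the reference value randomly (fixed fallback otherwise). */
void canary_init(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&reference_canary, sizeof reference_canary, 1, f) != 1)
        reference_canary = 0x0a0dff00a5a5a5a5ULL;  /* constructed fallback */
    if (f) fclose(f);
}

/* Copy n bytes of 'A' to the start of the frame with no bounds check on buf,
   then run the epilogue check. n is clamped to the model's size. */
enum outcome run_case(size_t n) {
    struct frame f;
    unsigned char input[sizeof f];

    memset(&f, 0, sizeof f);              /* prologue: set up the frame */
    f.canary = reference_canary;
    f.saved_ret = 0x401000;               /* constructed value */

    if (n > sizeof f) n = sizeof f;
    memset(input, 'A', sizeof input);
    memcpy(&f, input, n);                 /* the unchecked copy */

    if (f.canary != reference_canary)     /* epilogue: real code aborts here */
        return DETECTED;
    for (size_t i = 0; i < sizeof f.other; i++)
        if (f.other[i] != 0) return SILENT_CORRUPTION;  /* canary untouched */
    return CLEAN;
}

int main(void) {
    canary_init();
    printf("16 bytes: %d, 20 bytes: %d, 40 bytes: %d\n",
           (int)run_case(16), (int)run_case(20), (int)run_case(40));
    return 0;
}
```

The 20-byte case is the one to note: the adjacent local is corrupted, but the write stops short of the canary, so the epilogue check passes.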