#include <stdio.h>

void return_input(void)
{
    char array[30];
    gets(array);            /* no bounds check: this is the overflow the canary guards against */
    printf("%s\n", array);
}

After compiling it in gcc, this function is converted to the following assembly code:
push   %ebp
mov    %esp,%ebp
sub    $0x28,%esp
mov    %gs:0x14,%eax        # load the per-thread canary value
mov    %eax,-0x4(%ebp)      # store a copy just above the array
xor    %eax,%eax
lea    -0x22(%ebp),%eax
mov    %eax,(%esp)
call   0x8048374            # gets(array)
lea    -0x22(%ebp),%eax
mov    %eax,(%esp)
call   0x80483a4            # printf("%s\n", array)
mov    -0x4(%ebp),%eax      # reload the stored copy
xor    %gs:0x14,%eax        # compare it with the canary in TLS
je     0x80484ac            # equal: skip to leave/ret
call   0x8048394            # __stack_chk_fail
leave
ret
I don't understand two lines:
mov    %gs:0x14,%eax
xor    %gs:0x14,%eax

What is %gs, and what exactly do these two lines do?
This is compilation command:
cc -c -mpreferred-stack-boundary=2 -ggdb file.c
Best Answer
GS is a segment register; its use in Linux can be read up on here (it's basically used for per-thread data).

This code is used to validate that the stack hasn't exploded or been corrupted, using a canary value stored at GS+0x14; see this.

gcc -fstack-protector-strong

is on by default in many modern distros; you can use gcc -fno-stack-protector to not add those checks. (On x86, thread-local storage is cheap, so GCC keeps the randomized canary value there, making it somewhat harder to leak.)
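The prologue/epilogue pair the answer describes, modelled in portable C as an added example (not code from the question or the answer). The frame layout follows the offsets in the listing (array at -0x22(%ebp), canary at -0x4(%ebp)); the canary value, its zero low byte, and the function names are assumptions for the demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the frame the listing builds: 30-byte array
 * immediately followed by the 4-byte saved canary (0x22 bytes in total). */
struct frame {
    char array[30];           /* lea -0x22(%ebp),%eax : gets() target   */
    unsigned char canary[4];  /* -0x4(%ebp): copy of the %gs:0x14 value */
};

/* Stand-in for the per-thread value at %gs:0x14. glibc picks a random value
 * at startup; the 0x00 low byte is assumed here to mirror glibc's convention
 * (it stops string functions from reading or copying past the canary). */
static const unsigned char TLS_CANARY[4] = { 0x00, 0x4f, 0xa3, 0xd1 };

/* Prologue: mov %gs:0x14,%eax ; mov %eax,-0x4(%ebp) */
static void prologue(struct frame *f) {
    memcpy(f->canary, TLS_CANARY, sizeof f->canary);
}

/* Epilogue: mov -0x4(%ebp),%eax ; xor %gs:0x14,%eax ; je ok ; call __stack_chk_fail
 * Returns 1 when the xor is zero (normal leave/ret), 0 when the process would abort. */
static int epilogue_check(const struct frame *f) {
    unsigned int diff = 0;
    for (size_t i = 0; i < sizeof f->canary; i++)
        diff |= f->canary[i] ^ TLS_CANARY[i];
    return diff == 0;
}

/* Models return_input() receiving `line` from gets(): the characters plus the
 * NUL terminator are copied with no bounds check. Writes are clamped at the end
 * of the modelled frame only so that the simulation itself stays defined. */
int simulate_return_input(const char *line) {
    struct frame f;
    size_t n = strlen(line) + 1;      /* gets() also stores the '\0' */
    if (n > sizeof f) n = sizeof f;
    prologue(&f);
    memcpy((char *)&f, line, n);      /* f.array is at offset 0; deliberately unbounded */
    return epilogue_check(&f);
}

int main(void) {
    const char *lines[] = { "short input",
        "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA",        /* 30 chars: only the '\0' spills */
        "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AA" }; /* 32 chars: canary bytes overwritten */
    for (size_t i = 0; i < 3; i++)
        printf("%-34s -> %s\n", lines[i],
               simulate_return_input(lines[i]) ? "returns normally" : "__stack_chk_fail");
    return 0;
}
```

The 30-character case shows a coverage limit of the check: the terminator lands on the canary's zero low byte, so that one-byte overrun passes undetected, while any larger overrun is caught.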