Enabling this option currently adds an additional 20KB of heap overhead, and 4KB of additional heap is allocated
the first time an exception is thrown in user code.
+choice STACK_CHECK_MODE
+ prompt "Stack smashing protection mode"
+ default STACK_CHECK_NONE
+ help
+ Stack smashing protection mode. Emit extra code to check for buffer overflows, such as stack
+ smashing attacks. This is done by adding a guard variable to functions with vulnerable objects.
+ The guards are initialized when a function is entered and then checked when the function exits.
+ If a guard check fails, program is halted. Protection has the following modes:
+ - In NORMAL mode (GCC flag: -fstack-protector) only functions that call alloca, and functions with buffers larger than
+ 8 bytes are protected.
+ - STRONG mode (GCC flag: -fstack-protector-strong) is like NORMAL, but includes additional functions to be protected -- those that
+ have local array definitions, or have references to local frame addresses.
+ - In OVERALL mode (GCC flag: -fstack-protector-all) all functions are protected.
+
+ Modes have the following impact on code performance and coverage:
+ - performance: NORMAL > STRONG > OVERALL
+ - coverage: NORMAL < STRONG < OVERALL
+
+
+config STACK_CHECK_NONE
+ bool "None"
+config STACK_CHECK_NORM
+ bool "Normal"
+config STACK_CHECK_STRONG
+ bool "Strong"
+config STACK_CHECK_ALL
+ bool "Overall"
+endchoice
+
+config STACK_CHECK
+ bool
+ default !STACK_CHECK_NONE
+ help
+ Stack smashing protection.
+
endmenu # Compiler Options
menu "Component config"
projects / esp-idf / blobdiff