In this conference discuss below topic about unsafely C usage, and how Linux kernel has remove or add facility to detect such condition.
1. Variable Length array
- Using compiler option to Detect VLA: gcc -W vla
- Using guard page tor prevent stack overflow. VLA is needed lots of instruction compared to the fixed-size array.
2. Switch case break or non-break
- Mark all non-breaks with a “fall through” to whether programmer intent to fall through or it's a bug.
- Compiler support this feature: -Wimplicit-fallthrough
3. Arithmetic overflow detection
- Using compiler option to detection overflow in compile time
- Support different warning label: ignore or take as warring
4. Compare different API for string copy
- The safer string copy function: strscpy().
5. Safe stack - Shadow stack
- Separate the local variable stack and return address stack
- Support by hardware:
- ARM pointer authentication (Sign the return address for distinguish between a local variable and return address
Reference :