
Preface: Many programmers continue to use Arm Compiler 5 for several reasons:
Developers who have been using Arm Compiler 5 for years are familiar with its quirks and features, making it easier for them to continue using it rather than learning a new toolchain.
Furthermore, Arm Compiler 5 supports older ARM architectures that may not be fully supported by newer compilers.
Background: When compiling ARM code with stack protection, the --protect_stack option is used to safeguard against stack buffer overflows and potential malicious tampering. Here are the conditions under which a function is considered vulnerable and thus protected:
- Arm Compiler 5:
A function is considered vulnerable if it contains a char or wchar_t array of any size.
- Arm Compiler 6:
With -fstack-protector, a function is considered vulnerable if it contains:
  - A character array larger than 8 bytes.
  - An 8-bit integer array larger than 8 bytes.
  - A call to alloca() with either a variable size or a constant size bigger than 8 bytes.
With -fstack-protector-strong, a function is considered vulnerable if it contains:
  - An array of any size and type.
  - A call to alloca().
  - A local variable that has its address taken.
Using these options helps improve the overall security and integrity of your code by preventing stack buffer overflows.
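The rules above decide, per function, whether a canary is inserted at all, so it is worth knowing which of your functions each option actually covers. The following is an added example, not code from Arm or from the announcement: four functions with hypothetical names, each matching a different rule, with the expected coverage per the list above noted in the comments.

```c
#include <stddef.h>
#include <string.h>

/* 4-byte char array.
 * Arm Compiler 5 --protect_stack:  covered (char array of any size).
 * -fstack-protector:               not covered (not larger than 8 bytes).
 * -fstack-protector-strong:        covered (array of any size and type). */
size_t small_char_buf(const char *s)
{
    char buf[4];
    strncpy(buf, s, sizeof buf - 1);   /* bounded copy, at most 3 bytes */
    buf[sizeof buf - 1] = '\0';
    return strlen(buf);
}

/* 16-byte char array: matches the rule of all three options. */
size_t large_char_buf(const char *s)
{
    char buf[16];
    strncpy(buf, s, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return strlen(buf);
}

/* int array only: matches neither the char/wchar_t rule of Arm Compiler 5
 * nor the -fstack-protector rules; only -fstack-protector-strong matches. */
int int_array_sum(int n)
{
    int v[4];
    int i, sum = 0;
    for (i = 0; i < 4; i++) v[i] = n + i;
    for (i = 0; i < 4; i++) sum += v[i];
    return sum;
}

/* No array, but a local has its address taken:
 * only -fstack-protector-strong matches. */
static void bump(int *p) { *p += 1; }

int addr_taken(int n)
{
    int x = n;
    bump(&x);
    return x;
}
```

To confirm coverage in a real build, inspect the disassembly of each function for a call to __stack_chk_fail. The optimizer can remove a small local array entirely, so check at the optimization level you ship.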
Vulnerability details: In certain circumstances the stack protection feature can be rendered ineffective, leaving the protected function vulnerable to stack-based buffer overflows.
An undetected stack overflow can lead to a function return address being overwritten, potentially causing a crash or hang or allowing an attacker to gain control over program execution.
Official announcement: Please refer to the vendor announcement for details: https://developer.arm.com/documentation/110262/1-1/?lang=en