BinScope: GSFunctionOptimizeCheck

Question

Hi,

Is the GSFunctionOptimizeCheck within BinScope an optional check, or is it considered a requirement of SDL?

While running BinScope, I'm getting GSFunctionOptimizeCheck failure on just a few odd functions and methods. Optimizations are enabled and there doesn't seem to be anything special about the functions that would cause /GS to fail for them, except perhaps for some inlining going on. The functions are typically very short.

Many thanks.

Rgds Martin

Answer 1

I'm guessing it could actually be your inlining...

Teams I work with have been finding the MSDN documentation for GS (http://msdn.microsoft.com/en-us/library/8dbf701c.aspx) to be more useful as a reference than the documentation that Binscope currently provides to explain GSFunctionOptimizeCheck.  The following section in particular:

The compiler does not provide security protection for vulnerable parameters in the following situations:

• Functions that do not contain a buffer.
• If optimizations (/O Options (Optimize Code)) are not enabled.
• Functions with a variable argument list (...).
• Functions marked with naked (C++).
• Functions containing inline assembly code in the first statement.
• If a parameter is used only in ways that are less likely to be exploitable in the event of a buffer overrun.

If you have some snippet of code that reproduces the failure that you can pass along or if you can't share the code but could put together an equivalent that would generate the same failure I would be interested in taking a look.  ejarvi at microsoft dot com