The document is archived and information here might be outdated


This pragma provides enhanced security checking.

#pragma strict_gs_check([push,] on ) 
#pragma strict_gs_check([push,] off ) 
#pragma strict_gs_check(pop)

Instructs the compiler to insert a random cookie in the function stack to help detect some categories of stack-based buffer overrun. By default, the /GS (Buffer Security Check) compiler option does not insert a cookie for all functions. For more information, see /GS (Buffer Security Check).

You must compile with /GS (Buffer Security Check) to enable strict_gs_check.

Use this pragma sparingly, and only in code modules that are exposed to potentially harmful data. This pragma is very aggressive, and is applied to functions that might not need this defense, which can decrease the performance of the resulting application.

Even if you use this pragma, you should strive to write secure code. That is, make sure that your code has no buffer overruns. strict_gs_check might protect your application from buffer overruns that do remain in your code.

In the following code a buffer overrun occurs when we copy an array to a local array. When you compile this code with /GS, no cookie is inserted in the stack, because the array data type is an unsigned integer. Adding the strict_gs_check pragma forces the stack cookie into the function stack.

// pragma_strict_gs_check.cpp
// compile with: /c
#pragma strict_gs_check(on)

unsigned int * ReverseArray(unsigned int *pdwData,
                            size_t cData)
   // *** This buffer is subject to being overrun!! ***
   unsigned int dwReversed[20];
   // Reverse the array into a temporary buffer
   for (size_t j=0, i = cData; i ; --i, ++j)
      // *** Possible buffer overrun!! ***
      dwReversed[j] = pdwData[i];  

   // Copy temporary buffer back into input/output buffer
   for (size_t i = 0; i < cData ; ++i) 
       pdwData[i] = dwReversed[i];

   return pdwData;
© 2016 Microsoft