Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All
Important This document may not represent best practices for current development, links to downloads and other resources may no longer be valid. Current recommended version can be found here.

strict_gs_check

This pragma provides enhanced security checking.


#pragma strict_gs_check([push,] on ) 
#pragma strict_gs_check([push,] off ) 
#pragma strict_gs_check(pop)

Instructs the compiler to insert a random cookie in the function stack to help detect some categories of stack-based buffer overrun. By default, the /GS (Buffer Security Check) compiler option does not insert a cookie for all functions. For more information, see /GS (Buffer Security Check).

You must compile with /GS (Buffer Security Check) to enable strict_gs_check.

Use this pragma sparingly, and only in code modules that are exposed to potentially harmful data. This pragma is very aggressive, and is applied to functions that might not need this defense, which can decrease the performance of the resulting application.

Even if you use this pragma, you should strive to write secure code. That is, make sure that your code has no buffer overruns. strict_gs_check might protect your application from buffer overruns that do remain in your code.

In the following code a buffer overrun occurs when we copy an array to a local array. When you compile this code with /GS, no cookie is inserted in the stack, because the array data type is an unsigned integer. Adding the strict_gs_check pragma forces the stack cookie into the function stack.

// pragma_strict_gs_check.cpp
#pragma strict_gs_check(on)

unsigned int * ReverseArray(__in_ecount(cData) unsigned int *pdwData,
                            size_t cData)
{
   // *** This buffer is subject to being overrun!! ***
   unsigned int dwReversed[20];
   // Reverse the array into a temporary buffer
   for (size_t j=0, i = cData; i ; --i, ++j)
      // *** Possible buffer overrun!! ***
      dwReversed[j] = pdwData[i];  

   // Copy temporary buffer back into input/output buffer
   for (size_t i = 0; i < cData ; ++i) 
       pdwData[i] = dwReversed[i];

   return pdwData;
}
Show:
© 2015 Microsoft