We have identified a security issue in your package from our security scan.
Stack smashing protection has not been implemented in components included in the application. When an application is compiled with stack smashing protection, a known value or "canary" is placed on the stack directly before the local variables to protect the saved base pointer, saved instruction pointer, and function arguments. The value of the canary is verified upon the function return to see if it has been overwritten. The compiler uses a heuristic to intelligently apply stack protection to a function, typically functions using character arrays. This is a very simple best practice that hardens your app with little to no downside. Memory corruption vulnerabilities can be very hard to track down, but can be extremely severe.
Please follow the steps below for the respective platform to fix this security issue:
iOS:
In Xcode, under the Build Settings for the app, go to the "Other C Flags" section and add in -fstack-protector-all. More reading can be done on Apple's developer library.
Android:
Make sure that the -fstack-protector-all, -fpic, and -fstack-protector-strong flags are all set in the build.gradle file (typically in the cmake/cppFlags).
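To confirm the flags took effect after rebuilding, the packaged binaries can be checked for a reference to the canary failure handler. The following is an added example, not part of the original report or the scanner's own code; it assumes the common heuristic that a protected ELF or Mach-O binary names `__stack_chk_fail`, and the package contents are constructed sample data.

```python
import io
import zipfile

# Leading magic bytes of native binaries: ELF (Android .so) and Mach-O (iOS).
NATIVE_MAGICS = (
    b"\x7fELF",
    b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",  # Mach-O 32/64-bit, big-endian
    b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # Mach-O 32/64-bit, little-endian
    b"\xca\xfe\xba\xbe",                        # fat (universal) Mach-O
)
# Handler the compiler calls when the canary check fails. Mach-O adds one
# more leading underscore, so a substring match covers both formats.
CANARY_SYMBOL = b"__stack_chk_fail"


def audit_package(package_bytes):
    """Return {entry_name: bool} for every native binary in an APK/IPA.

    True means the binary references the canary failure handler.
    """
    results = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        for info in pkg.infolist():
            # Java .class files share the fat Mach-O magic; skip them.
            if info.is_dir() or info.filename.endswith(".class"):
                continue
            data = pkg.read(info)
            if data[:4] in NATIVE_MAGICS:
                results[info.filename] = CANARY_SYMBOL in data
    return results


def build_sample_apk():
    """Constructed sample: two fake ELF blobs, one naming the handler."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libhardened.so",
                   b"\x7fELF" + b"\0" * 16 + b"__stack_chk_fail\0memcpy\0")
        z.writestr("lib/arm64-v8a/liblegacy.so",
                   b"\x7fELF" + b"\0" * 16 + b"memcpy\0strcpy\0")
        z.writestr("classes.dex", b"dex\n035\0")  # non-native, ignored
    return buf.getvalue()


if __name__ == "__main__":
    for name, ok in sorted(audit_package(build_sample_apk()).items()):
        print(("OK      " if ok else "MISSING ") + name)
```

A binary in which the compiler's heuristic selected no function for protection will not reference the symbol either, so a MISSING result is a prompt to check that library's build flags rather than proof of a vulnerability.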