Share via


__security_init_cookie

 

The latest version of this topic can be found at __security_init_cookie.

Initializes the global security cookie.

Syntax

void __security_init_cookie(void);  

Remarks

The global security cookie is used for buffer overrun protection in code compiled with /GS (Buffer Security Check) and in code that uses exception handling. On entry to an overrun-protected function, the cookie is put on the stack, and on exit, the value on the stack is compared with the global cookie. Any difference between them indicates that a buffer overrun has occurred and causes immediate termination of the program.

Normally, __security_init_cookie is called by the CRT when it is initialized. If you bypass CRT initialization—for example, if you use /ENTRY to specify an entry-point—then you must call __security_init_cookie yourself. If __security_init_cookie is not called, the global security cookie is set to a default value and buffer overrun protection is compromised. Because an attacker can exploit this default cookie value to defeat the buffer overrun checks, we recommend that you always call __security_init_cookie when you define your own entry point.

The call to __security_init_cookie must be made before any overrun-protected function is entered; otherwise a spurious buffer overrun will be detected. For more information, see C Runtime Error R6035.

Example

See the examples in C Runtime Error R6035.

Requirements

Routine Required header
__security_init_cookie <process.h>

__security_init_cookie is a Microsoft extension to the standard C Runtime Library. For compatibility information, see Compatibility.

.NET Framework Equivalent

Not applicable. This function should only be called from native code, not managed code.

See Also

Compiler Security Checks In Depth