On Wed, May 7, 2008 at 11:35 AM, Philip Hazel <ph10@???> wrote:
> [Incidentally, does anybody know why C arranges its stack so that
> overruns hit the return data, rather than putting the return data at the
> bottom? This is something that I've wondered about for years.]
The return data is provided by the caller, which doesn't know how big
the callee's stack frame is going to be.
On platforms where the return address goes into a register, you could
put the register save area at the bottom of the frame, but that would
not gain you much in terms of security, because a hypothetical stack
smash would then be all set to clobber the *caller's* return address.
Upward-growing stacks would help in the typical case but have their
own headaches (not least that very few CPUs are set up to do it).
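As an added illustration (not from the thread), a small C program that checks the point made above: on a downward-growing stack the callee's frame, whatever its size, is laid out below the caller's locals, so whatever the caller laid down before the call (including the return data) sits above the callee's buffers. It assumes GCC or Clang (for the noinline attribute) and a conventional downward-growing stack such as x86-64 or AArch64; the C standard guarantees none of this.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed GCC/Clang attribute: keeps each callee a real call with a
   frame of its own instead of being inlined into the caller. */
#define NOINLINE __attribute__((noinline))

/* Address of a local buffer in a small callee frame, returned as an
   integer so that no dangling pointer escapes the function. */
static NOINLINE uintptr_t callee_local_addr(void)
{
    volatile char buf[256];           /* local the caller knows nothing about */
    buf[0] = 0;
    buf[sizeof buf - 1] = 0;
    return (uintptr_t)&buf[0];
}

/* Same probe with a much larger frame: the caller's layout is fixed
   before the call, so the callee's frame size cannot move the caller's data. */
static NOINLINE uintptr_t big_callee_local_addr(void)
{
    volatile char buf[8192];
    buf[0] = 0;
    buf[sizeof buf - 1] = 0;
    return (uintptr_t)&buf[0];
}

/* Returns 1 when both callee frames lie below a local in the caller's frame,
   i.e. the stack grows toward lower addresses and the caller's data (return
   data included) is above the callee's locals; 0 otherwise. */
int callee_frame_is_below_caller(void)
{
    volatile char marker = 0;          /* a local in the caller's frame */
    uintptr_t caller_local = (uintptr_t)&marker;
    uintptr_t small_callee = callee_local_addr();
    uintptr_t big_callee = big_callee_local_addr();
    return small_callee < caller_local && big_callee < caller_local;
}

int main(void)
{
    /* The gap between a callee buffer and the caller's frame is the callee's
       own frame plus the call linkage; stack canaries are placed in that gap
       precisely because an overrun has to cross it before reaching the caller. */
    printf("callee frame below caller: %s\n",
           callee_frame_is_below_caller() ? "yes" : "no");
    return 0;
}
```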