Hacker News
by rurban 4000 days ago
Not only does -fstack-check protect from this exploit, but so do the new clang -fcpi checker in levee (https://github.com/cpi-llvm) and, of course, the old -fsanitize=address.

-fcps does not catch it.

I haven't checked -fsanitize=safe-stack yet, as my old levee build didn't offer that.

1 comments

Built it now: clang-3.7 -fsanitize=safe-stack does not catch it, and the clang and gcc optimizers with -O optimize it away.