Initializes the global security cookie.
The global security cookie is used for buffer overrun protection in code compiled with /GS (Buffer Security Check) and in code that uses exception handling. On entry to an overrun-protected function, the cookie is put on the stack, and on exit, the value on the stack is compared with the global cookie. Any difference between them indicates that a buffer overrun has occurred and causes immediate termination of the program.
__security_init_cookie is called by the CRT when it's initialized. If you bypass CRT initialization—for example, if you use
/ENTRY to specify an entry-point—then you must call
__security_init_cookie yourself. If
__security_init_cookie isn't called, the global security cookie is set to a default value, and buffer overrun protection is compromised. Because an attacker can exploit this default cookie value to defeat the buffer overrun checks, we recommend that you always call
__security_init_cookie when you define your own entry point.
The call to
__security_init_cookie must be made before any overrun-protected function is entered; otherwise a spurious buffer overrun will be detected. For more information, see C Runtime Error R6035.
See the examples in C Runtime Error R6035.
__security_init_cookie is a Microsoft extension to the standard C Runtime Library. For compatibility information, see Compatibility.
Submit and view feedback for