This reduces entropy of the canary from 64-bit to 56-bit in exchange
for mitigating non-terminated C string overflows by setting the second
byte of the canary to nul, so that off-by-one write overflow with a
nul byte can still be detected.
Idea from GrapheneOS bionic commit
7024d880b51f03a796ff8832f1298f2f1531fd7b
if (entropy) memcpy(&__stack_chk_guard, entropy, sizeof(uintptr_t));
else __stack_chk_guard = (uintptr_t)&__stack_chk_guard * 1103515245;
+#if UINTPTR_MAX >= 0xffffffffffffffff
+ /* Sacrifice 8 bits of entropy on 64bit to prevent leaking/
+ * overwriting the canary via string-manipulation functions.
+ * The NULL byte is on the second byte so that off-by-ones can
+ * still be detected. Endianness is taken care of
+ * automatically. */
+ ((char *)&__stack_chk_guard)[1] = 0;
+#endif
+
__pthread_self()->canary = __stack_chk_guard;
}