Buffer Overflow Protection - Canaries

Canaries, or canary words, are known values placed between a buffer and control data on the stack to detect buffer overflows. When the buffer overflows, the canary is the first data to be corrupted, so a failed verification of the canary signals an overflow, which can then be handled, for example, by invalidating the corrupted data.

The terminology is a reference to the historic practice of using canaries in coal mines, since they would be affected by toxic gases earlier than the miners, thus providing a biological warning system.

There are three types of canaries in use: Terminator, Random, and Random XOR. Current versions of StackGuard support all three, while ProPolice supports Terminator and Random canaries.
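The check described above, as an added example in C that is not part of the original page or of StackGuard or ProPolice: a simulated frame with a canary between the buffer and a saved return address. It goes beyond the text by also modelling the Random XOR variant, in which the stored canary is the random value XORed with the control data; the struct layout, function names, `SECRET` and `RET` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
/* Constructed constant; a real random canary is drawn at program start. */
#define SECRET 0x5ca1ab1e0ddba11ULL
#define RET    0x0000000000401136ULL   /* constructed return address */

/* Simulated frame: buffer, then canary, then control data. */
struct frame { unsigned char buf[BUF_LEN]; uint64_t canary; uint64_t saved_ret; };

static void frame_enter(struct frame *f, int xor_mode) {
    memset(f, 0, sizeof *f);
    f->saved_ret = RET;
    f->canary = xor_mode ? (SECRET ^ f->saved_ret) : SECRET;
}

/* 1 = canary verifies, 0 = corruption detected (a real program would abort). */
static int frame_check(const struct frame *f, int xor_mode) {
    uint64_t expect = xor_mode ? (SECRET ^ f->saved_ret) : SECRET;
    return f->canary == expect;
}

/* Copy n bytes with no check against BUF_LEN; clamped to the simulated
   frame so the demo itself never writes outside the struct. */
int run_copy(size_t n, int xor_mode) {
    unsigned char src[sizeof(struct frame)];
    struct frame f;
    memset(src, 'A', sizeof src);
    frame_enter(&f, xor_mode);
    if (n > sizeof f) n = sizeof f;
    memcpy((unsigned char *)&f, src, n);
    return frame_check(&f, xor_mode);
}

/* Control data changed without touching the canary word. */
int run_ret_change(int xor_mode) {
    struct frame f;
    frame_enter(&f, xor_mode);
    f.saved_ret ^= 0x10;
    return frame_check(&f, xor_mode);
}

int main(void) {
    printf("in-bounds copy: %d\n", run_copy(BUF_LEN, 0));
    printf("overflow by one byte: %d\n", run_copy(BUF_LEN + 1, 0));
    printf("saved_ret changed, random: %d, random XOR: %d\n",
           run_ret_change(0), run_ret_change(1));
    return 0;
}
```

A plain random canary only notices writes that pass through the canary word, while the XOR form also fails verification when the saved return address changes on its own.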
