Note: I've only briefly read the related CPI paper (PDF); these are just initial impressions after playing around with it a bit.
All the code and binaries I used can be downloaded here. Note that I removed -DFORTIFY_SOURCE=2 to make the examples a bit simpler.
-fsanitize=safe-stack basically seems to move stack-based buffers off the actual stack, onto another segment of memory (I'll call it the fake stack). The actual stack then stores references to this segment. For example:
char buf[20];                  /* stack-based buffer */
printf("%p\n", (void *)buf);   /* %p expects a void * argument */
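One way to check where such a buffer ends up, as an added example that is not part of the original post's code: it tests whether an address falls inside the mapping the kernel labels [stack] in /proc/self/maps. The names in_stack_mapping and SAMPLE_MAPS are chosen here, and the program assumes Linux and a compiler with __builtin_frame_address (clang or gcc).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Given text in /proc/<pid>/maps format, report whether addr lies inside the
 * mapping labelled [stack]: 1 = inside, 0 = outside, -1 = no [stack] line. */
int in_stack_mapping(const char *maps, uintptr_t addr)
{
    const char *line = maps;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char tmp[512];
        if (len >= sizeof tmp)
            len = sizeof tmp - 1;
        memcpy(tmp, line, len);
        tmp[len] = '\0';
        unsigned long long lo, hi;
        if (strstr(tmp, "[stack]") && sscanf(tmp, "%llx-%llx", &lo, &hi) == 2)
            return addr >= lo && addr < hi;   /* end address is exclusive */
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

/* Constructed sample in maps format (not captured from a real process). */
const char SAMPLE_MAPS[] =
    "00400000-00401000 r-xp 00000000 08:01 1234 /tmp/demo\n"
    "7f0000000000-7f0000800000 rw-p 00000000 00:00 0 \n"
    "7ffc00000000-7ffc00021000 rw-p 00000000 00:00 0 [stack]\n";

int main(void)
{
    static char maps[1 << 16];
    char buf[20];                       /* address-taken buffer, as in the post */
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return 1;                       /* assumption: /proc is mounted */
    size_t n = fread(maps, 1, sizeof maps - 1, f);
    maps[n] = '\0';
    fclose(f);
    printf("buf   %p in [stack]: %d\n", (void *)buf,
           in_stack_mapping(maps, (uintptr_t)buf));
    printf("frame %p in [stack]: %d\n", __builtin_frame_address(0),
           in_stack_mapping(maps, (uintptr_t)__builtin_frame_address(0)));
    return 0;
}
```

In a normal build both lines report 1. If the description above holds, a build with -fsanitize=safe-stack should report 0 for buf while the frame address still reports 1.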