This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: binutils and _FORTIFY_SOURCE


On Sun, Nov 20, 2005 at 05:09:17PM -0500, Daniel Jacobowitz wrote:
> On Mon, Nov 21, 2005 at 08:36:46AM +1030, Alan Modra wrote:
> > On Sun, Nov 20, 2005 at 09:46:44AM -0800, Anthony Green wrote:
> > > typedef struct
> > > {
> > >   char foo[4];
> > >   int  bar;
> > > } mystruct;
> > > 
> > > we see code kind of like...
> > > 
> > >   mystruct s;
> > >   strcpy (s.foo, "1234");  /* buffer overflow here */
> > >   s.bar = 5; 		   /* but it doesn't really matter */
> > > 
> > > Has anybody looked into this before?
> > > Will you accept patches to remove false _FORTIFY_SOURCE errors?
> > 
> > Yes.  The above really ought to be using memcpy.
> 
> Didn't someone (Jakub?) try and fail to fix ar once already?

I fixed what I encountered (look for _bfd_ar_spacepad in bfd/archive.c).
If you see anything left, please let me know what exactly,
but we are using -D_FORTIFY_SOURCE=2 compiled binutils for many
months on architectures we use and haven't seen anything like
that.  But ARM is not one of the architectures we use, so it
might be something ARM specific...

	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]