Bug 15017 - potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE
Status: RESOLVED INVALID
Product: gdb
Classification: Unclassified
Component: build
Version: 7.5
Importance: P2 critical
Assignee: Not yet assigned to anyone
Reported: 2013-01-14 22:41 UTC by Matt Hargett
Modified: 2013-01-15 13:20 UTC
Description Matt Hargett 2013-01-14 22:41:34 UTC
I got this when compiling the latest Fedora source RPM (7.5.1-32). My default CFLAGS is -O3 instead of the default -O2:

In function 'strncat',
    inlined from 'svr4_create_solib_event_breakpoints' at ../../gdb/solib-svr4.c:2076:
/usr/include/bits/string3.h:152: error: call to __builtin___strncat_chk might overflow destination buffer


This correctly fails the build. The fix was simple, as the correct use of strncat for the same data is one line below:
              if (with_prefix)
                strncat (name, "rtld_", sizeof (name));

              strncat (name, probe_info[i].name, sizeof (name) - sizeof ("rtld_"));

becomes

              if (with_prefix)
                strncat (name, "rtld_", sizeof (name) - sizeof("rtld_"));

              strncat (name, probe_info[i].name, sizeof (name) - sizeof ("rtld_"));


and this eliminates the warning/error.
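
Added example, not GDB or Fedora code: strncat's third argument is the maximum number of characters to append, and a terminating NUL is always written after them, so the bound that keeps the destination in range is the space still free minus one. The helper names, the buffer sizes and the probe name "init_start" are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append SRC to the NUL-terminated string in DST, whose total capacity is
   DST_SIZE bytes.  Returns 0 if all of SRC fit, -1 if it was truncated or
   DST holds no terminator inside its buffer.  */
static int
bounded_append (char *dst, size_t dst_size, const char *src)
{
  const char *end = memchr (dst, '\0', dst_size);
  if (end == NULL)
    return -1;

  /* Free bytes after the current contents, keeping one for the NUL that
     strncat always writes after the characters it appends.  */
  size_t room = dst_size - (size_t) (end - dst) - 1;
  strncat (dst, src, room);
  return strlen (src) <= room ? 0 : -1;
}

/* Build "[rtld_]<probe>" in OUT (hypothetical helper for this example).  */
static int
make_probe_name (char *out, size_t out_size, int with_prefix,
                 const char *probe)
{
  if (out_size == 0)
    return -1;
  out[0] = '\0';
  if (with_prefix && bounded_append (out, out_size, "rtld_") != 0)
    return -1;
  return bounded_append (out, out_size, probe);
}

int
main (void)
{
  char name[32], tiny[8];        /* constructed sizes */
  int rc;

  rc = make_probe_name (name, sizeof (name), 1, "init_start");
  printf ("%d %s\n", rc, name);
  rc = make_probe_name (tiny, sizeof (tiny), 1, "init_start");
  printf ("%d %s\n", rc, tiny);  /* truncated, still NUL-terminated */
  return 0;
}
```
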
Comment 1 Sergio Durigan Junior 2013-01-14 23:04:24 UTC
Thanks for the report, but this bug has to be opened against Fedora's GDB.  Closing as INVALID.  I have contacted the reporter and asked him to do so.
Comment 2 Gary Benson 2013-01-15 13:20:07 UTC
I filed this as https://bugzilla.redhat.com/show_bug.cgi?id=895527