This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: binutils and _FORTIFY_SOURCE
On Sun, Nov 20, 2005 at 05:09:17PM -0500, Daniel Jacobowitz wrote:
> On Mon, Nov 21, 2005 at 08:36:46AM +1030, Alan Modra wrote:
> > On Sun, Nov 20, 2005 at 09:46:44AM -0800, Anthony Green wrote:
> > > typedef struct
> > > {
> > > char foo[4];
> > > int bar;
> > > } mystruct;
> > >
> > > we see code kind of like...
> > >
> > > mystruct s;
> > > strcpy (s.foo, "1234"); /* buffer overflow here */
> > > s.bar = 5; /* but it doesn't really matter */
> > >
> > > Has anybody looked into this before?
> > > Will you accept patches to remove false _FORTIFY_SOURCE errors?
> >
> > Yes. The above really ought to be using memcpy.
>
> Didn't someone (Jakub?) try and fail to fix ar once already?
I fixed what I encountered (look for _bfd_ar_spacepad in bfd/archive.c).
If you see anything left, please let me know what exactly,
but we are using -D_FORTIFY_SOURCE=2 compiled binutils for many
months on architectures we use and haven't seen anything like
that. But ARM is not one of the architectures we use, so it
might be something ARM specific...
Jakub