This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] Implement strlcat [BZ#178]


On 12/04/2015 09:20 PM, Paul Eggert wrote:
> Thanks, good points. I addressed them in the attached patches by
> replacing that paragraph with the following text.
> 
> Although some buffer overruns can be prevented by manually replacing
> calls to copying functions with calls to truncation functions,
> nowadays there are easier and more-reliable automatic techniques that
> cause buffer overruns to reliably terminate a program.  These include
> GCC's @option{-fsanitize=address} option and, if the destination
> buffer is statically sized, defining the @code{_FORTIFY_SOURCE} macro.
> Because truncation functions can mask application bugs that would
> otherwise be caught by the automatic techniques, these functions
> should be used only when the application's underlying logic requires
> truncation.
> 
> 
> Or perhaps you'd rather not document _FORTIFY_SOURCE at all? I notice
> it's mentioned nowhere in the manual; is that intended?

It's difficult to document because it is an emergent property resulting
from glibc headers and GCC support.

> If so, I can further revise accordingly.

Right now, it is probably best to drop it.  I don't want to deal with an
influx of security vulnerabilities because it does not actually work in
some cases just yet.

I see that you have added a reference to -fcheck-pointer-bounds.  Do you
have practical experience with this option?  Does it actually work?

Florian
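
As an added illustration of the trade-off the quoted paragraph describes (example code written for this archive page; it is neither part of the thread nor glibc's own code), the block below builds a "user@host" string into a fixed-size buffer two ways. A small BSD-style strlcat is defined locally under the assumed name example_strlcat, because the glibc of this thread did not ship strlcat; join_silent and join_checked, the buffer sizes and the "alice"/"example.org" input are all constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* strnlen */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Minimal BSD-style strlcat, defined here because the host libc may lack it
 * (an assumed helper for this example, not glibc's implementation). Returns the
 * length the full string would have had, so a result >= size means truncation. */
static size_t example_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = strnlen(dst, size);
    size_t slen = strlen(src);
    if (dlen == size)
        return size + slen;              /* dst was not terminated within size */
    size_t room = size - dlen - 1;
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';
    return dlen + slen;
}

/* The masking case: the caller concatenates and never looks at the return
 * value. Input that does not fit is cut short and nothing fails loudly, which
 * is exactly what ASan or _FORTIFY_SOURCE would have trapped with strcat. */
static void join_silent(char *out, size_t outsz, const char *user, const char *host)
{
    out[0] = '\0';
    example_strlcat(out, user, outsz);
    example_strlcat(out, "@", outsz);
    example_strlcat(out, host, outsz);
}

/* The case the quoted text permits: truncation is an outcome the logic must
 * handle, so each return value is checked. Returns 0 on success and -1 if the
 * identity would not fit; on -1 the buffer is partial and must not be used. */
static int join_checked(char *out, size_t outsz, const char *user, const char *host)
{
    out[0] = '\0';
    if (example_strlcat(out, user, outsz) >= outsz) return -1;
    if (example_strlcat(out, "@", outsz) >= outsz) return -1;
    if (example_strlcat(out, host, outsz) >= outsz) return -1;
    return 0;
}

/* Constructed input: "alice@example.org" needs 17 bytes plus the terminator. */
static const char *silent_result(void)
{
    static char buf[16];                 /* too small: only 15 characters fit */
    join_silent(buf, sizeof buf, "alice", "example.org");
    return buf;                          /* "alice@example.o", silently wrong */
}

static int checked_result(size_t bufsz)
{
    char buf[64];
    if (bufsz > sizeof buf)
        bufsz = sizeof buf;
    return join_checked(buf, bufsz, "alice", "example.org");
}

int main(void)
{
    printf("silent : \"%s\"\n", silent_result());              /* alice@example.o */
    printf("checked: %d (16-byte buffer)\n", checked_result(16)); /* -1 */
    printf("checked: %d (18-byte buffer)\n", checked_result(18)); /* 0 */
    return 0;
}
```

The point of the two variants is that nothing external can tell them apart: a truncation function reports the problem only through its return value, so if the caller discards it, neither `-fsanitize=address` nor `_FORTIFY_SOURCE` has anything to trap. Had join_silent used strcat into the same 16-byte static buffer, a build with `-O2 -D_FORTIFY_SOURCE=2` would abort with "buffer overflow detected" and an ASan build would report a stack-buffer-overflow, which is the behaviour the quoted paragraph is trying to preserve.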

