This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Implement strlcat [BZ#178]
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 10 Dec 2015 20:33:22 +0100
- Subject: Re: [PATCH] Implement strlcat [BZ#178]
- Authentication-results: sourceware.org; auth=none
- References: <56547472 dot 3010302 at redhat dot com> <5654B1FE dot 5020100 at cs dot ucla dot edu> <5654B796 dot 7070302 at redhat dot com> <5656E018 dot 5020608 at cs dot ucla dot edu> <565F211A dot 2030909 at redhat dot com> <56607CD1 dot 3050209 at cs dot ucla dot edu> <566197FD dot 9020001 at redhat dot com> <5661F59C dot 5050608 at cs dot ucla dot edu>
On 12/04/2015 09:20 PM, Paul Eggert wrote:
> Thanks, good points. I addressed them in the attached patches by
> replacing that paragraph with the following text.
>
> Although some buffer overruns can be prevented by manually replacing
> calls to copying functions with calls to truncation functions,
> nowadays there are easier and more-reliable automatic techniques that
> cause buffer overruns to reliably terminate a program. These include
> GCC's @option{-fsanitize=address} option and, if the destination
> buffer is statically sized, defining the @code{_FORTIFY_SOURCE} macro.
> Because truncation functions can mask application bugs that would
> otherwise be caught by the automatic techniques, these functions
> should be used only when the application's underlying logic requires
> truncation.
>
>
> Or perhaps you'd rather not document _FORTIFY_SOURCE at all? I notice
> it's mentioned nowhere in the manual; is that intended?
It's difficult to document because it is an emergent property resulting
from glibc headers and GCC support.
> If so, I can further revise accordingly.
Right now, it is probably best to drop it. I don't want to deal with an
influx of security vulnerabilities because it does not actually work in
some cases just yet.
I see that you have added a reference to -fcheck-pointer-bounds. Do you
have practical experience with this option? Does it actually work?
Florian
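The paragraph Paul proposes above makes the security point that a truncating copy can hide a bug that a fortified or sanitized strcat would have turned into a crash, so truncation should be an explicit application decision. As an added example, which is not part of this thread, of Paul's patch or of glibc's own code, the block below pairs a BSD-contract strlcat with a caller that treats truncation as an error rather than accepting it silently. The names sized_strlcat, append_component, bounded_len and the check_* helpers are this example's own, chosen so they do not collide with the library function.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* bounded_len: strnlen equivalent, local to this example so it needs no
 * feature-test macro. */
static size_t bounded_len(const char *s, size_t n)
{
    size_t i = 0;
    while (i < n && s[i] != '\0')
        i++;
    return i;
}

/* sized_strlcat: an illustrative implementation of the BSD strlcat contract,
 * written for this example (it is not glibc's implementation). It appends
 * src to the NUL-terminated string in dst, writes at most size-1 bytes plus
 * the NUL, and returns the length of the string it tried to create
 * (strnlen(dst, size) + strlen(src)). A return value >= size means the result
 * was truncated; that return value is the only signal the caller gets. */
size_t sized_strlcat(char *dst, const char *src, size_t size)
{
    size_t dlen = bounded_len(dst, size);
    size_t slen = strlen(src);

    /* dst is not NUL-terminated within size: nothing can be appended safely,
     * so leave dst untouched and report the length that would have resulted. */
    if (dlen == size)
        return size + slen;

    size_t room = size - dlen;        /* bytes left, including the NUL */
    if (slen < room) {
        memcpy(dst + dlen, src, slen + 1);
    } else {
        memcpy(dst + dlen, src, room - 1);
        dst[size - 1] = '\0';
    }
    return dlen + slen;
}

/* append_component: the caller-side check. Here the application logic does
 * NOT want truncation (a truncated path names a different object), so a
 * truncated result is rolled back and reported as failure instead of being
 * used. Returns 0 on success, -1 on truncation (buf is restored). */
int append_component(char *buf, size_t bufsz, const char *component)
{
    size_t before = bounded_len(buf, bufsz);
    if (sized_strlcat(buf, component, bufsz) >= bufsz) {
        if (before < bufsz)
            buf[before] = '\0';       /* undo the partial append */
        return -1;
    }
    return 0;
}

/* Scenario checks used by main(); each returns 1 if the contract held.
 * All inputs are constructed for this example. */
int check_fits(void)
{
    char buf[8] = "ab";
    return sized_strlcat(buf, "cd", sizeof buf) == 4 && strcmp(buf, "abcd") == 0;
}

int check_truncates(void)
{
    char buf[8] = "abc";
    /* "abc" + "defghij" would need 11 bytes; only 7 chars plus NUL fit. */
    return sized_strlcat(buf, "defghij", sizeof buf) == 10
        && strcmp(buf, "abcdefg") == 0;
}

int check_unterminated(void)
{
    char buf[4] = { 'x', 'y', 'z', 'w' };   /* no NUL within size */
    return sized_strlcat(buf, "q", sizeof buf) == 5
        && memcmp(buf, "xyzw", 4) == 0;
}

int check_path_rejected(void)
{
    char path[16] = "/srv/";
    return append_component(path, sizeof path, "app/") == 0
        && strcmp(path, "/srv/app/") == 0
        && append_component(path, sizeof path, "config.yaml") == -1
        && strcmp(path, "/srv/app/") == 0;   /* rolled back, not "/srv/app/confi" */
}

int main(void)
{
    printf("fits: %d truncates: %d unterminated: %d path rejected: %d\n",
           check_fits(), check_truncates(), check_unterminated(),
           check_path_rejected());
    return 0;
}
```

The contrast with the thread's point: with a fortified strcat the "config.yaml" append would abort the process, and with -fsanitize=address it would be reported as a stack-buffer-overflow; with a bare strlcat call whose return value is ignored, the program would quietly continue with "/srv/app/confi". The check in append_component is what keeps the truncating function from masking the bug.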