binutils and _FORTIFY_SOURCE
Anthony Green
green@redhat.com
Sun Nov 20 17:46:00 GMT 2005
Hello binutils maintainers,
glibc reports buffer overflows when I build and run some "ar" ports
(like arm-elf-ar) on Fedora Core with -D_FORTIFY_SOURCE=2 [1].
A very quick look tells me there's no serious bug, just tricky
programming.
I'm talking about things like, given
typedef struct
{
char foo[4];
int bar;
} mystruct;
we see code kind of like...
mystruct s;
strcpy (s.foo, "1234"); /* buffer overflow here */
s.bar = 5; /* but it doesn't really matter */
Has anybody looked into this before?
Will you accept patches to remove false _FORTIFY_SOURCE errors?
I don't know if I will do this, but I thought I'd ask for the record.
AG
[1] http://www.redhat.com/magazine/009jul05/features/execshield/#checks
More information about the Binutils
mailing list