This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/7075] sprintf(buf, "%sfoo", buf) has different results with -O2 -D_FORTIFY_SOURCE=2 (__sprintf_chk bug?)


https://sourceware.org/bugzilla/show_bug.cgi?id=7075

--- Comment #12 from Kees Cook <kees at outflux dot net> ---
It's not defined in POSIX, but it has worked a certain way in glibc for
decades. There's no _reason_ to break it for _FORTIFY_SOURCE. Pre-truncating
just silently breaks programs and does weird stuff. If you want to expose it
with _FORTIFY_SOURCE then have vsprintf notice that the target and first format
argument are the same variable, and refuse to build.

Either pretruncation should be eliminated, or the undefined behavior should be
explicitly detected and dealt with. Just having programs lose data while
running with no indication of the cause seems like a terrible user experience.

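Added example, not part of the bug comment and not glibc code: one way a caller can detect the aliasing from the bug title (`sprintf(buf, "%sfoo", buf)`) and do the append with defined behaviour, reporting a short buffer instead of silently losing data. The helper names `overlaps` and `buf_appendf` are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true if the NUL-terminated string src (terminator
 * included) shares any byte with the destination [dst, dst + size). */
static int overlaps(const char *dst, size_t size, const char *src)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    size_t n = strlen(src) + 1;
    return s < d + size && d < s + n;
}

/* Hypothetical helper: defined replacement for sprintf(buf, "%s<fmt>", buf).
 * It formats starting at the existing terminator, so the old contents are
 * never read as a source while being written. The variadic arguments must
 * not point into buf; overlaps() can be used to check them.
 * Returns the new length, or -1 if buf has no terminator or the result
 * does not fit (buf then still holds its original string). */
static int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;                      /* unterminated buffer */
    size_t len = (size_t)(end - buf);

    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + len, size - len, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - len) {
        buf[len] = '\0';                /* restore, report, do not truncate */
        return -1;
    }
    return (int)(len + (size_t)n);
}

int main(void)
{
    char buf[16] = "bar";               /* constructed sample input */
    /* The call in the bug title passes buf as target and as %s argument. */
    if (overlaps(buf, sizeof buf, buf))
        buf_appendf(buf, sizeof buf, "%s", "foo");
    puts(buf);
    return 0;
}
```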

