This is the mail archive of the
newlib@sourceware.org
mailing list for the newlib project.
Re: [PATCH v1 00/10] Add Stack Smashing Protection and Object Size Checking
- From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- To: "newlib at sourceware dot org" <newlib at sourceware dot org>, "yselkowitz at cygwin dot com" <yselkowitz at cygwin dot com>
- Cc: nd <nd at arm dot com>
- Date: Mon, 6 Nov 2017 19:21:41 +0000
- Subject: Re: [PATCH v1 00/10] Add Stack Smashing Protection and Object Size Checking
Hi,
> In the process of overhauling our feature test macros, I discovered that
> GCC's libssp implementation of Object Size Checking (-D_FORTIFY_SOURCE=*) is
> completely broken and possibly unfixable (CVE-2016-4973). Therefore, it
> seems the only way to make this work is to integrate it into Newlib itself like
> other libcs.
Wouldn't it be better to implement a working -ffortify-string-functions feature
in GCC/LLVM so that the compiler can insert the correct checks?
Hacking all C libraries in the world still won't make the checks work -
as long as they rely on the broken __builtin_object_size implementation,
many cases won't be checked even when they should be, e.g.:
char s[100];
memcpy (s + 1, p, n);
The _chk variants also seem unnecessary; I don't understand their purpose.
All you want is to tell GCC to insert runtime checks when it detects the destination
is an array. You obviously want those checks to be inlined and optimized for
performance reasons.
Wilco
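An added example (not code from this thread or from newlib) showing how a _FORTIFY_SOURCE-style check is driven by __builtin_object_size, and why a destination that reaches the wrapper through a plain pointer is never checked. The checked_memcpy macro, the result codes and the helper functions are constructed here; unlike __memcpy_chk, which aborts on overflow, the wrapper reports the outcome so it can be inspected.

```c
#include <stddef.h>
#include <string.h>

/* Constructed example: a "soft" fortified memcpy. Real _FORTIFY_SOURCE
 * wrappers call __memcpy_chk, which aborts on overflow; this variant
 * returns a status instead so the three outcomes can be observed. */
enum copy_result { COPY_OK = 0, COPY_REJECTED = 1, COPY_UNCHECKED = 2 };

static inline enum copy_result
checked_memcpy_impl(void *dst, const void *src, size_t n, size_t bos)
{
    if (bos == (size_t)-1) {   /* compiler could not size the destination */
        memcpy(dst, src, n);
        return COPY_UNCHECKED;
    }
    if (n > bos)               /* would overflow: refuse instead of __chk_fail() */
        return COPY_REJECTED;
    memcpy(dst, src, n);
    return COPY_OK;
}

/* The size query must run at the call site, where the destination object
 * is visible to the compiler, so the user-facing wrapper is a macro. */
#define checked_memcpy(dst, src, n) \
    checked_memcpy_impl((dst), (src), (n), __builtin_object_size((dst), 0))

/* Destination is a local array: the compiler knows it is 100 bytes. */
enum copy_result copy_into_array(size_t n)
{
    char s[100];
    char src[200] = {0};
    return checked_memcpy(s, src, n);
}

/* Destination arrives through a pointer: no size information, no check.
 * noinline stops the optimizer from recovering the size from the caller. */
__attribute__((noinline)) enum copy_result copy_into_pointer(char *dst, size_t n)
{
    char src[200] = {0};
    return checked_memcpy(dst, src, n);
}

/* Same 100-byte array, but handed over as a pointer (constructed helper). */
enum copy_result copy_via_pointer_demo(size_t n)
{
    char buf[100];
    return copy_into_pointer(buf, n);
}
```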