This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.
binutils and _FORTIFY_SOURCE
- From: Anthony Green <green at redhat dot com>
- To: binutils at sources dot redhat dot com
- Date: Sun, 20 Nov 2005 09:46:44 -0800
- Subject: binutils and _FORTIFY_SOURCE
Hello binutils maintainers,

glibc reports buffer overflows when I build and run some "ar" ports
(like arm-elf-ar) on Fedora Core with -D_FORTIFY_SOURCE=2 [1].

A very quick look tells me there's no serious bug, just tricky
programming.

I'm talking about things like, given

  typedef struct
  {
    char foo[4];
    int bar;
  } mystruct;

we see code kind of like...

  mystruct s;
  strcpy (s.foo, "1234"); /* buffer overflow here */
  s.bar = 5; /* but it doesn't really matter */

Has anybody looked into this before?

Will you accept patches to remove false _FORTIFY_SOURCE errors?

I don't know if I will do this, but I thought I'd ask for the record.

AG

[1] http://www.redhat.com/magazine/009jul05/features/execshield/#checks
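
Added example, not part of the original message and not binutils code: it reproduces the struct from the message, computes the two bounds that explain the report (glibc checks strcpy against the enclosing object at _FORTIFY_SOURCE=1 but against the member itself at level 2), and shows a bounded copy that stores the four characters without the trailing NUL. The names subobject_bound, whole_object_bound and set_foo are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The struct from the message above.  */
typedef struct
{
  char foo[4];
  int bar;
} mystruct;

/* Room from foo to the end of foo itself (__builtin_object_size mode 1).
   glibc checks strcpy against this bound at _FORTIFY_SOURCE=2.  */
size_t subobject_bound (void)
{
  return sizeof (((mystruct *) 0)->foo);
}

/* Room from foo to the end of the enclosing struct (mode 0), the bound
   glibc uses at _FORTIFY_SOURCE=1.  */
size_t whole_object_bound (void)
{
  return sizeof (mystruct) - offsetof (mystruct, foo);
}

/* Hypothetical helper: fill the fixed-width field with no terminating
   NUL.  Returns 0 on success, -1 if TEXT is longer than the field.  */
int set_foo (mystruct *s, const char *text)
{
  size_t len = strlen (text);

  if (len > sizeof (s->foo))
    return -1;
  memset (s->foo, 0, sizeof (s->foo));
  memcpy (s->foo, text, len);
  return 0;
}

int main (void)
{
  mystruct s = { "", 5 };
  int rc = set_foo (&s, "1234");

  /* strcpy (s.foo, "1234") would write strlen + 1 = 5 bytes.  */
  printf ("strcpy needs 5, sub-object %zu, whole object %zu\n",
          subobject_bound (), whole_object_bound ());
  printf ("set_foo rc=%d foo=%.4s bar=%d\n", rc, s.foo, s.bar);
  return rc;
}
```

The five bytes strcpy writes fit inside the struct but not inside foo, so the copy passes the level 1 check and fails the level 2 check; set_foo never writes past the member, so bar does not need to be reassigned afterwards.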