This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



binutils and _FORTIFY_SOURCE


Hello binutils maintainers,

glibc reports buffer overflows when I build and run some "ar" ports
(like arm-elf-ar) on Fedora Core with -D_FORTIFY_SOURCE=2 [1].

A very quick look tells me there's no serious bug, just tricky
programming.  

I'm talking about things like, given 

typedef struct
{
  char foo[4];
  int  bar;
} mystruct;

we see code kind of like...

  mystruct s;
  strcpy (s.foo, "1234");  /* buffer overflow here */
  s.bar = 5; 		   /* but it doesn't really matter */

Has anybody looked into this before?
Will you accept patches to remove false _FORTIFY_SOURCE errors?
I don't know if I will do this, but I thought I'd ask for the record.

AG


[1] http://www.redhat.com/magazine/009jul05/features/execshield/#checks
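
An added example, not part of the original message or of binutils: it models why the pattern in the post passes at `_FORTIFY_SOURCE=1` but is reported at `=2`, and shows one fortify-clean way to fill the field. The helper names `fortify_limit`, `fortify_trips` and `set_field` are hypothetical, and the fix assumes `foo` is a fixed-width field that needs no terminating NUL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same layout as the struct in the message.  */
typedef struct
{
  char foo[4];
  int  bar;
} mystruct;

#define FOO_SIZE sizeof (((mystruct *) 0)->foo)

/* Destination size the fortified strcpy compares against for s.foo.
   Level 1 uses __builtin_object_size (dst, 0): bytes to the end of the
   enclosing object.  Level 2 uses mode 1: bytes left in the field itself.  */
static size_t
fortify_limit (int level)
{
  return level >= 2 ? FOO_SIZE : sizeof (mystruct) - offsetof (mystruct, foo);
}

/* Nonzero if strcpy (s.foo, src) would fail the check at that level.  */
static int
fortify_trips (int level, const char *src)
{
  return strlen (src) + 1 > fortify_limit (level);
}

/* Assumed fix (hypothetical helper): treat foo as a fixed-width field with
   no terminating NUL, reject oversized input, zero-pad short input.  */
static int
set_field (char *dst, size_t dstsize, const char *src)
{
  size_t len = strlen (src);
  if (len > dstsize)
    return -1;
  memcpy (dst, src, len);
  memset (dst + len, 0, dstsize - len);
  return 0;
}

int
main (void)
{
  mystruct s = { "", 5 };
  printf ("level 1 trips: %d, level 2 trips: %d\n",
          fortify_trips (1, "1234"), fortify_trips (2, "1234"));
  printf ("set_field: %d, bar still %d\n",
          set_field (s.foo, sizeof s.foo, "1234"), s.bar);
  return 0;
}
```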



