This is the mail archive of the
gdb-prs@sourceware.org
mailing list for the GDB project.
[Bug build/15017] New: potential buffer overflow uncovered bycompiling with -O3 and FORTIFY_SOURCE
- From: "matt at use dot net" <sourceware-bugzilla at sourceware dot org>
- To: gdb-prs at sourceware dot org
- Date: Mon, 14 Jan 2013 22:41:34 +0000
- Subject: [Bug build/15017] New: potential buffer overflow uncovered bycompiling with -O3 and FORTIFY_SOURCE
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=15017
Bug #: 15017
Summary: potential buffer overflow uncovered by compiling with
-O3 and FORTIFY_SOURCE
Product: gdb
Version: 7.5
Status: NEW
Severity: critical
Priority: P2
Component: build
AssignedTo: unassigned@sourceware.org
ReportedBy: matt@use.net
Classification: Unclassified
I got this when compiling the latest Fedora source RPM (7.5.1-32). My default
CFLAGS is -O3 instead of the default -O2:
In function 'strncat',
inlined from 'svr4_create_solib_event_breakpoints' at
../../gdb/solib-svr4.c:2076:
/usr/include/bits/string3.h:152: error: call to __builtin___strncat_chk might
overflow destination buffer
this correctly fails the build. The fix was simple, as the correct use of
strncat for the same data is one line below:
if (with_prefix)
strncat (name, "rtld_", sizeof (name));
strncat (name, probe_info[i].name, sizeof (name) - sizeof
("rtld_"));
becomes
if (with_prefix)
strncat (name, "rtld_", sizeof (name) - sizeof("rtld_"));
strncat (name, probe_info[i].name, sizeof (name) - sizeof
("rtld_"));
and this eliminates the warning/error.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.