public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/64964] New: -D_FORTIFY_SOURCE=2 passes incorrect length to _chk functions in some cases
@ 2015-02-06 18:03 nszabolcs at gmail dot com
  2015-02-09 14:33 ` [Bug c/64964] " rguenth at gcc dot gnu.org
  0 siblings, 1 reply; 2+ messages in thread
From: nszabolcs at gmail dot com @ 2015-02-06 18:03 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64964

            Bug ID: 64964
           Summary: -D_FORTIFY_SOURCE=2 passes incorrect length to _chk
                    functions in some cases
           Product: gcc
           Version: 5.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nszabolcs at gmail dot com

in the following simple testcase the valid length of x.a+1 is 1, but 2 is
passed to __strcpy_chk according to the asm (gcc-4.8 gets it right, glibc
debug/tst-chk3 and debug/tst-chk6 testcases fail now with gcc built from trunk)

at runtime x.b[0] gets clobbered with 0 and there is no failure reported.

$ cat chk.c
#include <string.h>

int main()
{
    char *volatile s = "A";
    struct { char a[2]; char b[1]; } x;
    strcpy(x.a+1, s);
    return 0;
}
$ gcc -D_FORTIFY_SOURCE=2 -O -S chk.c
$ cat chk.s
    .file    "chk.c"
    .section    .rodata.str1.1,"aMS",@progbits,1
.LC0:
    .string    "A"
    .text
    .globl    main
    .type    main, @function
main:
.LFB22:
    .cfi_startproc
    subq    $24, %rsp
    .cfi_def_cfa_offset 32
    movq    $.LC0, 8(%rsp)
    movq    8(%rsp), %rsi
    movl    $2, %edx
    leaq    1(%rsp), %rdi
    call    __strcpy_chk
    movl    $0, %eax
    addq    $24, %rsp
    .cfi_def_cfa_offset 8
    ret
    .cfi_endproc
.LFE22:
    .size    main, .-main
    .ident    "GCC: (GNU) 5.0.0 20150205 (experimental)"
    .section    .note.GNU-stack,"",@progbits


^ permalink raw reply	[flat|nested] 2+ messages in thread
* [Bug c/64964] -D_FORTIFY_SOURCE=2 passes incorrect length to _chk functions in some cases
  2015-02-06 18:03 [Bug c/64964] New: -D_FORTIFY_SOURCE=2 passes incorrect length to _chk functions in some cases nszabolcs at gmail dot com
@ 2015-02-09 14:33 ` rguenth at gcc dot gnu.org
  0 siblings, 0 replies; 2+ messages in thread
From: rguenth at gcc dot gnu.org @ 2015-02-09 14:33 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64964

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
dup

*** This bug has been marked as a duplicate of bug 64715 ***


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-02-09 14:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-02-06 18:03 [Bug c/64964] New: -D_FORTIFY_SOURCE=2 passes incorrect length to _chk functions in some cases nszabolcs at gmail dot com
2015-02-09 14:33 ` [Bug c/64964] " rguenth at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).