From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <xry111@mengyan1223.wang>
Received: from mengyan1223.wang (mengyan1223.wang [89.208.246.23])
 by sourceware.org (Postfix) with ESMTPS id E2D6C3858D39
 for <gcc-help@gcc.gnu.org>; Wed,  2 Mar 2022 19:46:39 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E2D6C3858D39
Received: from [IPv6:240e:358:11fa:cc00:dc73:854d:832e:4] (unknown
 [IPv6:240e:358:11fa:cc00:dc73:854d:832e:4])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest
 SHA384) (Client did not present a certificate)
 (Authenticated sender: xry111@mengyan1223.wang)
 by mengyan1223.wang (Postfix) with ESMTPSA id 7171A662AA;
 Wed,  2 Mar 2022 14:46:34 -0500 (EST)
Message-ID: <2a574a7a0dbb4f1ef4472d2a43b029f0ceca9065.camel@mengyan1223.wang>
Subject: Re: Fortify_source and stack-protector-strong
From: Xi Ruoyao <xry111@mengyan1223.wang>
To: Reinoud Koornstra <reinoudkoornstra@gmail.com>, Florian Weimer
 <fweimer@redhat.com>
Cc: Reinoud Koornstra via Gcc-help <gcc-help@gcc.gnu.org>
Date: Thu, 03 Mar 2022 03:46:21 +0800
In-Reply-To: <CAAA5faGBqtp0=00Mi+7Cvk3nLuV_CpD7jT4OAJ4k7NxaFcb-5g@mail.gmail.com>
References: <CAAA5faFWb6xz2mJ0LzRTxRHARq9vdmF+4bChWWEZCuW+uCNB4Q@mail.gmail.com>
 <87o82ok616.fsf@oldenburg.str.redhat.com>
 <CAAA5faGBqtp0=00Mi+7Cvk3nLuV_CpD7jT4OAJ4k7NxaFcb-5g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.4 
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3031.5 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, JMQ_SPF_NEUTRAL, SPF_HELO_PASS,
 SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-help@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-help mailing list <gcc-help.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-help/>
List-Post: <mailto:gcc-help@gcc.gnu.org>
List-Help: <mailto:gcc-help-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 19:46:41 -0000

On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote:
> Hi Florian,
> 
> Thanks very much for your reply.
> -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2
> also has runtime checks for variable length?

Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size
at compile time.  But they are runtime checks: the input size is
compared with the buffer size at runtime.  They are not a pure compile-
time checking like -Wstringop-overflow.

-D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length
buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet).
-- 
Xi Ruoyao <xry111@mengyan1223.wang>
School of Aerospace Science and Technology, Xidian University