From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <reinoudkoornstra@gmail.com>
Received: from mail-yw1-x1130.google.com (mail-yw1-x1130.google.com
 [IPv6:2607:f8b0:4864:20::1130])
 by sourceware.org (Postfix) with ESMTPS id D601A3858D39
 for <gcc-help@gcc.gnu.org>; Wed,  2 Mar 2022 20:05:50 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D601A3858D39
Received: by mail-yw1-x1130.google.com with SMTP id
 00721157ae682-2dbc48104beso31539787b3.5
 for <gcc-help@gcc.gnu.org>; Wed, 02 Mar 2022 12:05:50 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=sulPzrrgSagis+ZZlMA2z2CF0gnlKjKdTmuunJf9cqA=;
 b=iCTZzVb3FRLNpzbmtqNrxleI1NYYtuYHSCPhNFS6ndsciiiSDY0mWgQHFFNikablj2
 YE+xTb6NDjVUHF0J7GQS/56IWc4FtuHjzpexU0rC6zk7w6pdiCqw+LjV82IUoLEEewyI
 ms8mwG8pav5YcGqro3nWJll8ZGTtxDJC1UujfCXcec1X8ea8P8tfg2rM5tqSRlVKOb2M
 0iyJof1Kp7WMaoHteRRAtuMYRWnppVrJm1ZOmLCQZGfdUvkl/PVNlEckDc0FLjiXXZkC
 e0T+m1EttmJDS9SyseGM9zCP+59UuP83nlso6lZiytDvcSXLeKeBj8tE7PBrNfp+5ErT
 mKQw==
X-Gm-Message-State: AOAM531BRiUb4QJQel0wlj1ErPSFD7D0Fg1zENpX3PY3bULW60J9vXCk
 yVpaDy2fbCAaGSdi5aXaFcWjM/yFTmlvbHy0opM=
X-Google-Smtp-Source: ABdhPJy3bipLSJWfHE74BCwohWZSWnlJMF2+1bb3QdfLzV1wWnjhpqPbALrzifems2d+htPDBcXhDavtc/m1Mfu7jV4=
X-Received: by 2002:a0d:d687:0:b0:2d6:9079:9595 with SMTP id
 y129-20020a0dd687000000b002d690799595mr32531626ywd.32.1646251550388; Wed, 02
 Mar 2022 12:05:50 -0800 (PST)
MIME-Version: 1.0
References: <CAAA5faFWb6xz2mJ0LzRTxRHARq9vdmF+4bChWWEZCuW+uCNB4Q@mail.gmail.com>
 <87o82ok616.fsf@oldenburg.str.redhat.com>
 <CAAA5faGBqtp0=00Mi+7Cvk3nLuV_CpD7jT4OAJ4k7NxaFcb-5g@mail.gmail.com>
 <2a574a7a0dbb4f1ef4472d2a43b029f0ceca9065.camel@mengyan1223.wang>
In-Reply-To: <2a574a7a0dbb4f1ef4472d2a43b029f0ceca9065.camel@mengyan1223.wang>
From: Reinoud Koornstra <reinoudkoornstra@gmail.com>
Date: Wed, 2 Mar 2022 12:05:38 -0800
Message-ID: <CAAA5faE_s_4LWSDcTJxhdNUdD5_ELgWx=pVmJorf57Koesp_xg@mail.gmail.com>
Subject: Re: Fortify_source and stack-protector-strong
To: Xi Ruoyao <xry111@mengyan1223.wang>
Cc: Florian Weimer <fweimer@redhat.com>, 
 Reinoud Koornstra via Gcc-help <gcc-help@gcc.gnu.org>
X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, HTML_MESSAGE,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: gcc-help@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-help mailing list <gcc-help.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-help/>
List-Post: <mailto:gcc-help@gcc.gnu.org>
List-Help: <mailto:gcc-help-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-help>,
 <mailto:gcc-help-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 20:05:52 -0000

Hi Xi,

Thanks for your reply.
Then what is the difference between -D_FORTIFY_SOURCE=1 and
-D_FORTIFY_SOURCE=2 exactly?
The resulting binary size doesn't seem to differ much?
Thanks,

Reinoud.


On Wed, Mar 2, 2022, 11:46 AM Xi Ruoyao <xry111@mengyan1223.wang> wrote:

> On Wed, 2022-03-02 at 11:09 -0800, Reinoud Koornstra via Gcc-help wrote:
> > Hi Florian,
> >
> > Thanks very much for your reply.
> > -D_FORTIFY_SOURCE=1 is just during compile time and -D_FORTIFY_SOURCE=2
> > also has runtime checks for variable length?
>
> Both -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 determine buffer size
> at compile time.  But they are runtime checks: the input size is
> compared with the buffer size at runtime.  They are not a pure compile-
> time checking like -Wstringop-overflow.
>
> -D_FORTIFY_SOURCE=3 supports runtime calculation of variable-length
> buffer, but it needs Glibc >= 2.35 and GCC >= 12.0 (not released yet).
> --
> Xi Ruoyao <xry111@mengyan1223.wang>
> School of Aerospace Science and Technology, Xidian University
>