[Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY

public inbox for gdb-prs@sourceware.org
help / color / mirror / Atom feed

* [Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE
@ 2013-01-14 22:41 matt at use dot net
  2013-01-14 23:04 ` [Bug build/15017] " sergiodj at redhat dot com
  2013-01-15 13:20 ` gbenson at redhat dot com
  0 siblings, 2 replies; 3+ messages in thread
From: matt at use dot net @ 2013-01-14 22:41 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=15017

             Bug #: 15017
           Summary: potential buffer overflow uncovered by compiling with
                    -O3 and FORTIFY_SOURCE
           Product: gdb
           Version: 7.5
            Status: NEW
          Severity: critical
          Priority: P2
         Component: build
        AssignedTo: unassigned@sourceware.org
        ReportedBy: matt@use.net
    Classification: Unclassified


I got this when compiling the latest Fedora source RPM (7.5.1-32). My default
CFLAGS is -O3 instead of the default -O2:

In function 'strncat',
    inlined from 'svr4_create_solib_event_breakpoints' at
../../gdb/solib-svr4.c:2076:
/usr/include/bits/string3.h:152: error: call to __builtin___strncat_chk might
overflow destination buffer


this correctly fails the build. The fix was simple, as the correct use of
strncat for the same data is one line below:
              if (with_prefix)
                strncat (name, "rtld_", sizeof (name));

              strncat (name, probe_info[i].name, sizeof (name) - sizeof
("rtld_"));

becomes

              if (with_prefix)
                strncat (name, "rtld_", sizeof (name) - sizeof("rtld_"));

              strncat (name, probe_info[i].name, sizeof (name) - sizeof
("rtld_"));


and this eliminates the warning/error.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug build/15017] potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE
  2013-01-14 22:41 [Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE matt at use dot net
@ 2013-01-14 23:04 ` sergiodj at redhat dot com
  2013-01-15 13:20 ` gbenson at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: sergiodj at redhat dot com @ 2013-01-14 23:04 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=15017

Sergio Durigan Junior <sergiodj at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |sergiodj at redhat dot com
         Resolution|                            |INVALID

--- Comment #1 from Sergio Durigan Junior <sergiodj at redhat dot com> 2013-01-14 23:04:24 UTC ---
Thanks for the report, but this bug has to be opened against Fedora's GDB. 
Closing as INVALID.  I have contacted the reporter and asked him to do so.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* [Bug build/15017] potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE
  2013-01-14 22:41 [Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE matt at use dot net
  2013-01-14 23:04 ` [Bug build/15017] " sergiodj at redhat dot com
@ 2013-01-15 13:20 ` gbenson at redhat dot com
  1 sibling, 0 replies; 3+ messages in thread
From: gbenson at redhat dot com @ 2013-01-15 13:20 UTC (permalink / raw)
  To: gdb-prs

http://sourceware.org/bugzilla/show_bug.cgi?id=15017

Gary Benson <gbenson at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gbenson at redhat dot com

--- Comment #2 from Gary Benson <gbenson at redhat dot com> 2013-01-15 13:20:07 UTC ---
I filed this as https://bugzilla.redhat.com/show_bug.cgi?id=895527

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2013-01-15 13:20 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-01-14 22:41 [Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE matt at use dot net
2013-01-14 23:04 ` [Bug build/15017] " sergiodj at redhat dot com
2013-01-15 13:20 ` gbenson at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).