From: "matt at use dot net"
To: gdb-prs@sourceware.org
Subject: [Bug build/15017] New: potential buffer overflow uncovered by compiling with -O3 and FORTIFY_SOURCE
Date: Mon, 14 Jan 2013 22:41:00 -0000

http://sourceware.org/bugzilla/show_bug.cgi?id=15017

             Bug #: 15017
           Summary: potential buffer overflow uncovered by compiling with
                    -O3 and FORTIFY_SOURCE
           Product: gdb
           Version: 7.5
            Status: NEW
          Severity: critical
          Priority: P2
         Component: build
        AssignedTo: unassigned@sourceware.org
        ReportedBy: matt@use.net
    Classification: Unclassified

I got this when compiling the latest Fedora source RPM (7.5.1-32). My default
CFLAGS is -O3 instead of the default -O2:

    In function 'strncat',
        inlined from 'svr4_create_solib_event_breakpoints' at ../../gdb/solib-svr4.c:2076:
    /usr/include/bits/string3.h:152: error: call to __builtin___strncat_chk might overflow destination buffer

This correctly fails the build.

The fix was simple, as the correct use of strncat for the same data is one line
below:

      if (with_prefix)
        strncat (name, "rtld_", sizeof (name));
      strncat (name, probe_info[i].name, sizeof (name) - sizeof ("rtld_"));

becomes

      if (with_prefix)
        strncat (name, "rtld_", sizeof (name) - sizeof("rtld_"));
      strncat (name, probe_info[i].name, sizeof (name) - sizeof ("rtld_"));

and this eliminates the warning/error.
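
Added example, not part of the original report and not gdb's code: strncat's third argument limits the bytes taken from the source rather than the size of the destination, so a bound that holds for any current contents is the destination's remaining space minus one for the terminator. The helper names, the 16-byte buffer and the probe names below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string in dst (capacity dstsize bytes).
   The strncat bound is the space left after the current contents and the NUL.
   Returns 0 if all of src fit, -1 if it was truncated or dst is unterminated. */
static int append_bounded(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;                      /* no terminator within dstsize */
    size_t used = (size_t)(end - dst);
    size_t room = dstsize - used - 1;   /* bytes available before the NUL */
    strncat(dst, src, room);            /* always leaves dst terminated */
    return strlen(src) <= room ? 0 : -1;
}

/* Hypothetical stand-in for the name construction quoted in the report:
   an optional "rtld_" prefix followed by a probe name. */
static int build_probe_name(char *name, size_t size, int with_prefix,
                            const char *probe)
{
    if (size == 0)
        return -1;
    name[0] = '\0';
    if (with_prefix && append_bounded(name, size, "rtld_") != 0)
        return -1;
    return append_bounded(name, size, probe);
}

int main(void)
{
    char name[16];                      /* constructed size, not gdb's */
    const char *probes[] = { "init_start", "map_complete_long" }; /* constructed */
    for (size_t i = 0; i < 2; i++) {
        int rc = build_probe_name(name, sizeof name, 1, probes[i]);
        printf("%-18s -> \"%s\" (%s)\n", probes[i], name,
               rc == 0 ? "fits" : "truncated");
    }
    return 0;
}
```

Returning a truncation status lets the caller reject a shortened name instead of silently using it.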