Mailing-List: contact newlib-help@sourceware.org; run by ezmlm
From: Wilco Dijkstra
To: "newlib@sourceware.org", "yselkowitz@cygwin.com"
CC: nd
Subject: Re: [PATCH v1 00/10] Add Stack Smashing Protection and Object Size Checking
Date: Tue, 07 Nov 2017 01:20:00 -0000

Hi,

> In the process of overhauling our feature test macros, I discovered that
> GCC's libssp implementation of Object Size Checking (-D_FORTIFY_SOURCE=*) is
> completely broken and possibly unfixable (CVE-2016-4973). Therefore, it
> seems the only way to make this work is to integrate it to Newlib itself like
> other libc's.

Wouldn't it be better to implement a working -ffortify-string-functions feature
in GCC/LLVM so that the compiler can insert the correct checks? Hacking all C
libraries in the world still won't make the checks work - as long as they rely
on the broken __builtin_object_size implementation, many cases won't be checked
even when they should be, e.g.:

    char s[100];
    memcpy (s + 1, p, n);

The _chk variants also seem unnecessary, I don't understand their purpose.
All you want is to tell GCC to insert runtime checks when it detects the
destination is an array. You obviously want those checks to be inlined and
optimized for performance reasons.

Wilco
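
Added example, not part of the original message and not newlib or GCC code: a sketch of how a _chk-style checked copy uses the object size the compiler passes in, applied to the message's s + 1 destination. The names checked_memcpy, copy_into_offset, FORTIFIED_MEMCPY and the status codes are hypothetical; a real _chk routine aborts rather than returning a status.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Value __builtin_object_size yields (types 0 and 1) when the size is unknown. */
#define OBJSIZE_UNKNOWN ((size_t)-1)

enum copy_result { COPY_OVERFLOW = -1, COPY_OK = 0, COPY_UNCHECKED = 1 };

/* Hypothetical stand-in for a libc _chk routine; a real one aborts on
   overflow instead of returning a status. */
static enum copy_result
checked_memcpy(void *dst, const void *src, size_t n, size_t dst_size)
{
    if (dst_size == OBJSIZE_UNKNOWN) {
        memcpy(dst, src, n);      /* no bound known: same as plain memcpy */
        return COPY_UNCHECKED;
    }
    if (n > dst_size)
        return COPY_OVERFLOW;     /* copy refused, destination untouched */
    memcpy(dst, src, n);
    return COPY_OK;
}

/* How a fortified header would wire it up: the compiler supplies the size. */
#define FORTIFIED_MEMCPY(dst, src, n) \
    checked_memcpy((dst), (src), (n), __builtin_object_size((dst), 0))

/* The message's case: s + 1 leaves 99 writable bytes of a 100-byte array.
   reported_size stands for whatever the compiler passed as the object size. */
static enum copy_result
copy_into_offset(const char *p, size_t n, size_t reported_size)
{
    char s[100];
    return checked_memcpy(s + 1, p, n, reported_size);
}

int main(void)
{
    char src[128] = {0};          /* constructed sample input */
    printf("n=99,  size=99:      %d\n", copy_into_offset(src, 99, 99));
    printf("n=100, size=99:      %d\n", copy_into_offset(src, 100, 99));
    printf("n=99,  size unknown: %d\n", copy_into_offset(src, 99, OBJSIZE_UNKNOWN));
    return 0;
}
```

The third call shows the gap the message is concerned with: whenever the reported size is the unknown sentinel, the copy goes through with no bound applied.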