Summary: | dev-embedded/tigcc _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | Embedded Team (OBSOLETE) <dev-embedded+disabled> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | hardened, jimtahu |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 412487 | ||
Bug Blocks: | 151569, 259417 | ||
Attachments: |
B
tios-signature-fix.patch |
Description
Diego Elio Pettenò (RETIRED)
2010-09-13 10:48:24 UTC
Created attachment 247111 [details]
B
*** Bug 364315 has been marked as a duplicate of this bug. ***
Created attachment 309881 [details, diff]
tios-signature-fix.patch
The cause of the buffer overflow warnings is that sources/ld-tigcc/formats/tios.h has char Signature[8], when it expects an 8-character input. This is overflowing because there need to be 9 elements allocated to include room for the null-terminator of the string. I think this patch is sufficient to fix it (I'm not familiar with how to use FORTIFY_SOURCE, but this eliminates the warnings about "warning: call to __builtin___strcpy_chk will always overflow destination buffer"). There are also errors about "warning: array subscript is above array bounds" and likewise for below array bounds; I'll look at those next.
new beta8 version doesn't warn for me
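The off-by-one described in the comment on tios-signature-fix.patch, as an added example that is not part of the original report or of the tigcc sources. The struct names, the helper functions and the sample signature string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SIG_LEN 8  /* visible characters in the signature */

/* Hypothetical header layouts, not the real structs from tios.h. */
struct hdr_before { char Signature[SIG_LEN]; };      /* no room for '\0' */
struct hdr_after  { char Signature[SIG_LEN + 1]; };  /* 8 chars + '\0'   */

/* Bytes strcpy() writes for src: its characters plus the terminator. */
static size_t strcpy_footprint(const char *src)
{
    return strlen(src) + 1;
}

/* Would strcpy(dst, src) stay inside a destination of dst_size bytes? */
static int strcpy_fits(size_t dst_size, const char *src)
{
    return strcpy_footprint(src) <= dst_size;
}

/* Checked copy: refuses instead of overflowing. Returns 0 on success. */
static int set_signature(char *dst, size_t dst_size, const char *src)
{
    if (!strcpy_fits(dst_size, src))
        return -1;
    memcpy(dst, src, strcpy_footprint(src));
    return 0;
}

int main(void)
{
    const char *sig = "**TI92P*";   /* constructed 8-character sample */
    struct hdr_before b;
    struct hdr_after a;

    /* strcpy(b.Signature, sig); would write 9 bytes into 8. That is the
       call the compiler reports as "will always overflow destination". */
    printf("needs %zu bytes, before has %zu, after has %zu\n",
           strcpy_footprint(sig), sizeof b.Signature, sizeof a.Signature);
    printf("before: %s\n",
           set_signature(b.Signature, sizeof b.Signature, sig) ? "rejected" : "ok");
    printf("after:  %s\n",
           set_signature(a.Signature, sizeof a.Signature, sig) ? "rejected" : "ok");
    return 0;
}
```
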