| Summary: | sci-libs/vtk _FORTIFY_SOURCE indicates presence of overflow | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component: | New packages | Assignee: | Markus Dittrich (RETIRED) <markusle> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | frp.bissey, hardened, java, jlec, sci |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 259417 | ||
| Attachments: |
Build log (compressed)
patch for the vtk-5.6.0-r2 ebuild |
||
|
Description
Diego Elio Pettenò (RETIRED)
2010-09-26 16:36:47 UTC
Created attachment 248697 [details]
Build log (compressed)
Thanks for the report. The attached log has been gzipped twice (but has only one .gz extension) which lead to some confusion for a few minutes here. Is it a problem with your automated script? I am a bit confused about the message: * QA Notice: Package has poor programming practices which may compile * fine but exhibit random runtime failures. * /usr/include/bits/stdio2.h:35:43: warning: call to int __builtin___sprintf_chk(char*, int, unsigned int, const char*, ...) will always overflow destination buffer * /usr/include/bits/stdio2.h:35:43: warning: call to int __builtin___sprintf_chk(char*, int, unsigned int, const char*, ...) will always overflow destination buffer * /usr/include/bits/stdio2.h:35:43: warning: call to int __builtin___sprintf_chk(char*, int, unsigned int, const char*, ...) will always overflow destination buffer I was expecting to be directed to some files in the vtk sources, instead I am directed to a file belonging to glibc. Does this means that the function provided by this header is misused and I should track it down or is this more subtle? The double-encoding looks like a Bugzilla problem, as the original on my system looks okay… but whatever, since they are going to change it sometime soon one hopes. As for the warnings, look for the correspondent warnings during the build phase and it'll show where it is being called, Portage only copies the warning call that is tied to the inline functions within the headers, which I admit is quite puzzling the first times. (In reply to comment #3) > The double-encoding looks like a Bugzilla problem, as the original on my system > looks okay… but whatever, since they are going to change it sometime soon one > hopes. > > As for the warnings, look for the correspondent warnings during the build phase > and it'll show where it is being called, Portage only copies the warning call > that is tied to the inline functions within the headers, which I admit is quite > puzzling the first times. > Thanks for the info. Found the problem, I will report on the vtk mailing list, patch to follow. I will check the internal copy of vtk in paraview-3.8.0 (science overlay only) later. Created attachment 248726 [details, diff]
patch for the vtk-5.6.0-r2 ebuild
Ok the easiest way is just to add a bit of sed in the ebuild.
On line 166 of Utilities/kwsys/SystemInformation.cxx
We have the following definition:
char ProcessorName[CHIPNAME_STRING_LENGTH];
And CHIPNAME_STRING_LENGTH is defined in turn on line 155 as having a value
of 49+1 (presumably because sometimes there is a white space at the end of the string. The lines singled out by Diego's report try to put strings of length
58, 62 and 55 in there. These are all definitions for Pentium III processors so it is unlikely to happen on halfway modern hardware.
I set the value at 79+1 to have some margin.
Thanks for the patch, inlcuded for 5.6.* |