Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 340249

Summary: app-emulation/emul-linux-x86-xlibs-20100915 _FORTIFY_SOURCE indicates presence of overflow
Product: Gentoo Linux Reporter: Diego Elio Pettenò (RETIRED) <flameeyes>
Component: [OLD] LibraryAssignee: AMD64 Project <amd64>
Status: RESOLVED FIXED    
Severity: major CC: hardened, stefaan, ulm
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 337967    
Bug Blocks: 165270, 259417    
Attachments: Build log

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-09 12:14:11 UTC 
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-09 12:14:35 UTC 
Created attachment 250009 [details]
Build log
Comment 2 Ulrich Müller gentoo-dev 2010-10-09 14:10:28 UTC 
Thanks, fixed in openmotif-compat-2.2.3-r1.

Arch teams, please stabilise.

@amd64: This also affects app-emulation/emul-linux-x86-xlibs because it includes the libMrm.so.3.0.2 library.
Comment 3 Ulrich Müller gentoo-dev 2010-10-10 05:53:53 UTC 
I'll take the opportunity and move the openmotif-compat package back to SLOT 2.2 of x11-libs/openmotif. Stabilisation of openmotif-2.2.3-r10 will therefore be done in bug 340311.

Leaving amd64 in CC because of the emul* package.
Comment 4 Pacho Ramos gentoo-dev 2011-01-30 11:19:44 UTC 
Fixed in 20110129