Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 340441

Summary: media-video/transcode _FORTIFY_SOURCE indicates presence of overflow
Product: Gentoo Linux Reporter: Diego Elio Pettenò (RETIRED) <flameeyes>
Component: Current packagesAssignee: Gentoo Media-video project <media-video>
Status: RESOLVED FIXED    
Severity: major CC: hardened
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 259417    
Attachments: Build log

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-10 23:38:27 UTC 
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-10 23:38:59 UTC 
Created attachment 250187 [details]
Build log
Comment 2 Kevin Pyle 2010-10-12 04:07:43 UTC 
The overflow message does not blame the offending line, but based on source inspection and a quick test program, I see a probable cause.  In avidump.c!dump_vals (off_t val64 (line 323)) and in avidump.c!ProcessChunk (off_t offset (line 608)), upstream declares a variable of type off_t and calls read as though it will be an 8 byte wide value.  On i686 with the defines used, off_t is 4 bytes.  This triggers a fortification warning.  Since the surrounding code is probably expecting the read to move the file position by 8, the safe fix would be to replace the affected off_t variables with a wider variable, such as off64_t or equivalent.
Comment 3 Kevin Pyle 2010-10-13 04:12:41 UTC 
Amendment to comment #2: loff_t is 8 bytes long on x86 and amd64, and is available from <sys/types.h> without specifying any preprocessor defines, so it is probably a good choice for the fix.  Maintainers, are you comfortable writing a patch to do this?
Comment 4 Samuli Suominen (RETIRED) gentoo-dev 2011-12-06 07:48:34 UTC 
I'm not seeing this with 1.1.7.   Can you still reproduce?
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2011-12-08 18:36:28 UTC 
I played with various USE flag combinations as well as -O levels and not seeing this anymore. Assuming fixed by 1.1.7. Reopen if not.