Summary: | sys-fs/diskdev_cmds _FORTIFY_SOURCE indicates presence of overflow | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
Status: | CONFIRMED --- | ||
Severity: | major | CC: | hardened |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 437398 | ||
Bug Blocks: | 259417 | ||
Attachments: | Build log |
Original report:

"""
In function ‘bzero’,
    inlined from ‘DeallocateFile’ at SExtents.c:701:3:
/usr/include/bits/string3.h:98:3: warning: call to __builtin___memset_chk will always overflow destination buffer [enabled by default]
In function ‘bzero’,
    inlined from ‘DeallocateFile’ at SExtents.c:704:3:
/usr/include/bits/string3.h:98:3: warning: call to __builtin___memset_chk will always overflow destination buffer [enabled by default]
"""

Nowadays' gcc detects the same:

"""
x86_64-pc-linux-gnu-gcc -march=sandybridge -mtune=sandybridge -maes --param=l1-cache-size=32 --param=l1-cache-line-size=64 --param=l2-cache-size=8192 -O2 -pipe -fdiagnostics-show-option -frecord-gcc-switches -Wall -Wextra -Wstack-protector -frecord-gcc-switches -frecord-gcc-switches -Wall -I/tmp/portage/sys-fs/diskdev_cmds-332.14_p1-r3/work/diskdev_cmds-332.14/include -DDEBUG_BUILD=0 -D_FILE_OFFSET_BITS=64 -D LINUX=1 -D BSD=1 -c -o SExtents.o SExtents.c
In file included from /usr/include/strings.h:144,
                 from /usr/include/string.h:432,
                 from SRuntime.h:36,
                 from BTree.h:37,
                 from SExtents.c:37:
In function 'bzero',
    inlined from 'DeallocateFile' at SExtents.c:701:3:
/usr/include/bits/strings_fortified.h:31:10: warning: '__builtin___memset_chk' forming offset [64, 75] is out of the bounds [0, 64] of object 'dataForkExtents' with type 'HFSPlusExtentRecord' {aka 'HFSPlusExtentDescriptor[8]'} [-Warray-bounds]
   31 |   (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SExtents.c: In function 'DeallocateFile':
SExtents.c:687:23: note: 'dataForkExtents' declared here
  687 |   HFSPlusExtentRecord dataForkExtents;
      |                       ^~~~~~~~~~~~~~~
In file included from /usr/include/strings.h:144,
                 from /usr/include/string.h:432,
                 from SRuntime.h:36,
                 from BTree.h:37,
                 from SExtents.c:37:
In function 'bzero',
    inlined from 'DeallocateFile' at SExtents.c:704:3:
/usr/include/bits/strings_fortified.h:31:10: warning: '__builtin___memset_chk' forming offset [64, 75] is out of the bounds [0, 64] of object 'rsrcForkExtents' with type 'HFSPlusExtentRecord' {aka 'HFSPlusExtentDescriptor[8]'} [-Warray-bounds]
   31 |   (void) __builtin___memset_chk (__dest, '\0', __len, __bos0 (__dest));
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"""

The code in question is:

"""
ClearMemory(&dataForkExtents[i].startBlock, sizeof(HFSPlusExtentRecord) - sizeof(HFSExtentRecord));
ClearMemory(&rsrcForkExtents[i].startBlock, sizeof(HFSPlusExtentRecord) - sizeof(HFSExtentRecord));
"""

It's a bit fishy to follow, but it does not look immediately incorrect.
Created attachment 269777
Build log

You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer. Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
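
The byte arithmetic behind the warning's `[64, 75]` range, as an added example that is not part of the bug report or of diskdev_cmds. The struct layouts are assumed from the HFS and HFS+ on-disk extent formats, `i == 3` is an assumption chosen because it reproduces the reported range, and the helper names (`reported_len`, `reported_end`, `overflow_bytes`, `clear_tail`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layouts (HFS / HFS+ on-disk extent formats); not copied from the page. */
typedef struct { uint16_t startBlock; uint16_t blockCount; } HFSExtentDescriptor;
typedef struct { uint32_t startBlock; uint32_t blockCount; } HFSPlusExtentDescriptor;
typedef HFSExtentDescriptor     HFSExtentRecord[3];
typedef HFSPlusExtentDescriptor HFSPlusExtentRecord[8];
_Static_assert(sizeof(HFSExtentRecord) == 12, "3 x 4 bytes");
_Static_assert(sizeof(HFSPlusExtentRecord) == 64, "8 x 8 bytes, as in the warning");

/* Length the quoted ClearMemory calls pass; it does not depend on i. */
static size_t reported_len(void)
{
    return sizeof(HFSPlusExtentRecord) - sizeof(HFSExtentRecord);
}

/* One past the last byte offset written when the clear starts at element i. */
static size_t reported_end(size_t i)
{
    return i * sizeof(HFSPlusExtentDescriptor)
         + offsetof(HFSPlusExtentDescriptor, startBlock) + reported_len();
}

/* Bytes written past the end of the 64-byte record (0 when the clear fits). */
static size_t overflow_bytes(size_t i)
{
    size_t end = reported_end(i);
    return end > sizeof(HFSPlusExtentRecord) ? end - sizeof(HFSPlusExtentRecord) : 0;
}

/* Bounded alternative: clear exactly elements [i, 8); returns bytes cleared. */
static size_t clear_tail(HFSPlusExtentRecord rec, size_t i)
{
    size_t n = sizeof(HFSPlusExtentRecord) / sizeof(rec[0]);
    if (i >= n) return 0;                 /* nothing left to clear */
    memset(&rec[i], 0, (n - i) * sizeof(rec[0]));
    return (n - i) * sizeof(rec[0]);
}

int main(void)
{
    for (size_t i = 0; i < 8; i++)        /* i == 3 is the assumed case */
        printf("i=%zu len=%zu end=%zu overflow=%zu\n",
               i, reported_len(), reported_end(i), overflow_bytes(i));
    return 0;
}
```

Under these assumptions the length is a constant 52 bytes, so the clear only stays inside the 64-byte record when it starts at element 0 or 1.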