Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 421809

Summary: app-emulation/simh _FORTIFY_SOURCE indicates presence of overflow
Product: Gentoo Linux Reporter: Diego Elio Pettenò (RETIRED) <flameeyes>
Component: Current packagesAssignee: Sergei Trofimovich (RETIRED) <slyfox>
Status: RESOLVED OBSOLETE    
Severity: major CC: jstein
Priority: Highest Keywords: UPSTREAM
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://tinderboxlogs.s3.amazonaws.com/tbamd64.excelsior.flameeyes.eu/app-emulation%3Asimh-3.9.0%3A20120618-165617.html
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 259417    

Description Diego Elio Pettenò (RETIRED) gentoo-dev 2012-06-18 17:05:08 UTC 
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Sergey Popov gentoo-dev 2012-11-29 11:35:49 UTC 
Reported upstream: https://github.com/simh/simh/issues/15
Comment 2 Jonas Stein gentoo-dev 2017-07-10 21:04:32 UTC 
any news? Upstream marked the ticket as closed. Version is missing in the title, but 3.9 was released in Nov 2014.
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2020-01-30 09:03:20 UTC 
The full warning is:

"""
x86_64-pc-linux-gnu-gcc -std=c99 -U__STRICT_ANSI__  -O2 -pipe -ggdb -march=native -ftracer -finline-functions -fgcse-after-reload -fpredictive-commoning -fipa-cp-clone -fno-unsafe-loop-optimizations -fno-strict-overflow -flto -fwhole-program -Wno-unused-result -I . -D_GNU_SOURCE -DUSE_READER_THREAD -DHAVE_DLOPEN=so  swtp6800/common/mp-a.c swtp6800/common/m6800.c swtp6800/common/m6810.c swtp6800/common/bootrom.c swtp6800/common/dc-4.c swtp6800/common/mp-s.c swtp6800/swtp6800/mp-a_sys.c swtp6800/common/mp-b2.c swtp6800/common/mp-8m.c scp.c sim_console.c sim_fio.c sim_timer.c sim_sock.c sim_tmxr.c sim_ether.c sim_tape.c -I swtp6800/swtp6800 -o BIN/swtp6800mp-a -lm -lrt -lpthread -ldl -lpcap -Wl,-O1 -Wl,--as-needed -flto -fwhole-program
In file included from I1401/i1401_mt.c:208:0,
                 from sim_tape.c:517,
                 from :26:
In function 'sim_fread.part.0.5296.constprop.56',
    inlined from 'sim_fread.constprop.52' at sim_tape.c:399:8,
    inlined from 'sim_tape_rdrecf.constprop.40' at sim_tape.c:415:15:
/usr/include/bits/stdio2.h:282:2: warning: call to '__fread_chk_warn' declared with attribute warning: fread called with bigger size * nmemb than length of destination buffer [enabled by default]
"""

Does not happen on modern toolchain. Given it's a warning on the code full of constant propagations by an optimiser I suspect gcc blamed logically unreachable code here.

Closing as obsolete.