This is about the following: sys-devel/gcc-3.4.6-r2: "GCC specs don't manage fstack-protector consistently" (from bug #104754).

I felt like trying a new game and compiled games-board/mahjongg3d with the hardened specs; when I tried to start mahjongg3d, I got the following error:

    mahjongg3d: stack smashing attack in function virtual void QWidget::create(WId, bool, bool)()

After having recompiled the program with the vanilla compiler, I got exactly the same error. My understanding is that the vanilla specs switch off the SSP part, so I should not get this error.

with hardened specs:

    $ readelf -a mahjongg3d |grep smash
    000e7f44 00019407 R_386_JUMP_SLOT 00000000 __stack_smash_handler
    404: 00000000 458 FUNC GLOBAL DEFAULT UND __stack_smash_handler@GLIBC_2.3.2 (9)

with vanilla specs:

    $ readelf -a mahjongg3d |grep smash
    (empty output)

Portage 2.1.1_pre2-r6 (selinux/2005.1/x86/hardened, gcc-3.4.6/hardened, glibc-2.3.6-r4, 2.6.16-hardened-r10 i686)
=================================================================
System uname: 2.6.16-hardened-r10 i686 Intel(R) Pentium(R) 4 CPU 1.60GHz
Gentoo Base System version 1.12.1
app-admin/eselect-compiler: 2.0.0_rc2-r1
dev-lang/python: 2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.18.1
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils: 2.17
sys-devel/gcc-config: [Not Present]
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r5
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/eselect/compiler /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=pentium4 -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--alphabetical"
FEATURES="autoconfig collision-protect distlocks loadpolicy parallel-fetch sandbox selinux sfperms strict userfetch userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from /etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="x86 X a52 aac alsa bzip2 caps cjk crypt cups curl dts dvd dvdread ffmpeg flac ftp gif gtk hardened idn ipv6 jpeg kdeenablefinal mad mikmod mmap mmx mp3 ncurses nptl offensive ogg opengl pam pic png selinux sndfile sse sse2 ssl theora threads tiff truetype unicode vorbis win32codecs xinerama xv xvid zlib elibc_glibc input_devices_evdev input_devices_keyboard input_devices_mouse kernel_linux linguas_en userland_GNU video_cards_nvidia"
Unset: CTARGET, INSTALL_MASK, LC_ALL
No, that's no gcc thing here. You get the same error because the stack smashing occurs in qt (QWidget::create()), not in mahjong. And of course QT is still compiled with SSP, if you only recompile mahjong. You would have to recompile QT without SSP (it is sufficient to use i686-pc-linux-gnu-3.4.6-hardenednopie, you don't need to switch to the vanilla gcc) for now, but QT is an often used lib and it's not really satisfactory to do so (for me).

I think this is probably a duplicate of bug 133301.
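Added example (not part of the bug thread): the readelf check from the report, applied per object, so that a library still built with SSP shows up even after the program itself was rebuilt without it. The function names ssp_classify, ssp_scan and the sample_* helpers are hypothetical; __stack_chk_fail is the handler name later toolchains use and is included as an assumption, only __stack_smash_handler appears in the report.

```shell
#!/bin/sh
# Added example: classify SSP handler symbols found in `readelf -sW` output.

# ssp_classify: read `readelf -sW` text on stdin and print
#   references - handler is imported (Ndx UND): the object contains SSP-built code
#   defines    - handler is defined in this object (e.g. the C library)
#   none       - no handler symbol present
ssp_classify() {
    awk '
        $1 ~ /^[0-9]+:$/ {
            name = $8
            sub(/@.*/, "", name)          # drop the symbol version suffix
            if (name == "__stack_smash_handler" || name == "__stack_chk_fail") {
                if ($7 == "UND") ref = 1; else def = 1
            }
        }
        END {
            if (ref) print "references"
            else if (def) print "defines"
            else print "none"
        }'
}

# ssp_scan FILE...: classify the program and each shared library it loads.
# The caller supplies the paths; an object readelf cannot parse is reported
# as "unreadable" rather than silently counted as "none".
ssp_scan() {
    for obj in "$@"; do
        if out=$(readelf -sW "$obj" 2>/dev/null); then
            printf '%s: %s\n' "$obj" "$(printf '%s\n' "$out" | ssp_classify)"
        else
            printf '%s: unreadable\n' "$obj"
        fi
    done
}

# Sample input: the symbol line quoted in the report (hardened build).
sample_program() {
    cat <<'EOF'
   404: 00000000   458 FUNC    GLOBAL DEFAULT  UND __stack_smash_handler@GLIBC_2.3.2 (9)
EOF
}

# Sample input: constructed line for an object that defines the handler.
sample_libc() {
    cat <<'EOF'
    77: 000f1230    58 FUNC    GLOBAL DEFAULT   11 __stack_smash_handler@@GLIBC_2.3.2
EOF
}
```

Run ssp_scan on the program and on each library it links against; an object reported as "references" was compiled with SSP regardless of how the program itself was built.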
Thanks Dominik for the analysis - yes, indeed it is the same as 133301.

*** This bug has been marked as a duplicate of 133301 ***
(In reply to comment #1)
> No, that's no gcc thing here. You get the same error because the stack smashing
> occurs in qt (QWidget::create()), not in mahjong. And of course QT is still
> compiled with SSP, if you only recompile mahjong. You would have to recompile
> QT without SSP (it is sufficient to use i686-pc-linux-gnu-3.4.6-hardenednopie,
> you don't need to switch to the vanilla gcc) for now, but QT is an often used
> lib and it's not really satisfactory to do so (for me).

Oh dear. Of course, the error message actually says so, thanks for the hint. Sorry for wasting your time.

(Note to self: no bug reports after midnight anymore. That's the time you come up with funny ideas and summaries.)