Bug 337366 - dev-db/virtuoso-server-6.1.2 _FORTIFY_SOURCE indicates presence of overflow
Summary: dev-db/virtuoso-server-6.1.2 _FORTIFY_SOURCE indicates presence of overflow
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High major
Assignee: Maciej Mrozowski
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: fortify-source
Reported: 2010-09-14 21:22 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2011-04-20 16:47 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
Build log (virtuoso-server-6.1.2:20100913-153634.log,677.44 KB, text/plain)
2010-09-14 21:22 UTC, Diego Elio Pettenò (RETIRED)
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-09-14 21:22:30 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-09-14 21:22:56 UTC
Created attachment 247357
Build log
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2011-04-03 15:39:01 UTC
One overflow-related message:

In file included from /usr/include/string.h:640,
                 from ../../libsrc/Dk/Dksystem.h:87,
                 from ../../libsrc/Dk.h:40,
                 from http_client.c:41:
In function 'strncat',
    inlined from 'http_cli_negotiate_socks4' at http_client.c:426:
/usr/include/bits/string3.h:154: warning: call to __builtin___strncat_chk might overflow destination buffer
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2011-04-06 09:33:51 UTC
In file included from /usr/include/wchar.h:882:0,
                 from ../../libsrc/util/utf8funs.h:34,
                 from ../../libsrc/libutil.h:41,
                 from isql.c:27:
In function ‘fgetws’,
    inlined from ‘line_from_html_file’ at isql.c:10249:3:
/usr/include/bits/wchar2.h:392:2: warning: call to ‘__fgetws_chk_warn’ declared with attribute warning: fgetws called with bigger size than length of destination buffer
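An added example, not part of the bug report and not virtuoso code: the two size conventions behind the `strncat` and `fgetws` warnings quoted in comments 2 and 3, with bounds computed the way the fortified wrappers expect. The virtuoso source lines are not shown on this page, so the calls named in the comments are the generic patterns that commonly draw these warnings (an assumption), and `bounded_append`, `read_wide_line` and `NELEM` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Element count of a real array (not a pointer). */
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical helper. strncat's third argument limits the bytes taken
 * from src; it is not the size of dst. A call that commonly draws the
 * __builtin___strncat_chk warning is
 *     strncat(dst, src, sizeof(dst));
 * Here the bound is the space actually left, minus one for the NUL.
 * Returns 0 on success, -1 if src was truncated or dst is unterminated. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;
    size_t room = dst_size - (size_t)(end - dst) - 1;
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

/* Hypothetical helper. fgetws counts wide characters, so passing
 * sizeof(buf) (bytes) overstates the buffer by a factor of
 * sizeof(wchar_t), a common cause of the __fgetws_chk_warn message.
 * Returns the number of wide characters read, 0 on EOF or error. */
size_t read_wide_line(FILE *fp, wchar_t *buf, size_t nelem)
{
    if (nelem == 0 || nelem > INT_MAX || fgetws(buf, (int)nelem, fp) == NULL)
        return 0;
    return wcslen(buf);
}

int main(void)
{
    char req[8] = "abc";                      /* constructed sample data */
    int rc = bounded_append(req, sizeof(req), "0123456789");
    printf("rc=%d req=\"%s\"\n", rc, req);    /* truncated, still terminated */

    wchar_t line[16];
    FILE *fp = tmpfile();
    if (fp != NULL) {
        fputws(L"select 1;\n", fp);           /* constructed sample line */
        rewind(fp);
        printf("wide chars read: %zu\n", read_wide_line(fp, line, NELEM(line)));
        fclose(fp);
    }
    return 0;
}
```

Build with optimisation (for example `-O2 -D_FORTIFY_SOURCE=2`) to have the fortified checks active, as the description notes they are disabled at `-O0`.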
Comment 4 Tomáš Chvátal (RETIRED) gentoo-dev 2011-04-20 16:47:44 UTC
Only warnings with 6.1.3 -> closing as fixed.

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * hash.c:2019:4: warning: implicit declaration of function ‘it_free’ [-Wimplicit-function-declaration]
 * sqlsrv.c:3770:3: warning: implicit declaration of function ‘cluster_init’ [-Wimplicit-function-declaration]


 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * xmlenc.c:3376:62: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * xmlenc.c:3379:62: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * xmlenc.c:3838:23: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * xmlenc.c:3839:22: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:5605:61: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:5606:61: warning: the address of ‘sctx’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:6638:10: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:6696:10: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:7452:10: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:7927:13: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:8154:14: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:10866:15: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:10909:16: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:10934:15: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * bif_soap.c:11623:9: warning: the address of ‘sqt’ will always evaluate as ‘true’ [-Waddress]
 * CLIodbc3.c:348:339: warning: the address of ‘pcbSqlstate’ will always evaluate as ‘true’ [-Waddress]
 * CLIodbc3.c:348:612: warning: the address of ‘pcbSqlstate’ will always evaluate as ‘true’ [-Waddress]
 * CLIodbc3.c:364:339: warning: the address of ‘pcbSqlstate’ will always evaluate as ‘true’ [-Waddress]
 * CLIodbc3.c:364:612: warning: the address of ‘pcbSqlstate’ will always evaluate as ‘true’ [-Waddress]
 * CLIsql2.c:1085:11: warning: the address of ‘application_name’ will always evaluate as ‘true’ [-Waddress]
 * urlsimu.c:487:7: warning: the address of ‘file_to_put’ will always evaluate as ‘true’ [-Waddress]

 * Please do not file a Gentoo bug and instead report the above QA
 * issues directly to the upstream developers of this software.
 * Homepage: http://virtuoso.openlinksw.com/wiki/main/Main/