Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 340441 - media-video/transcode _FORTIFY_SOURCE indicates presence of overflow
Summary: media-video/transcode _FORTIFY_SOURCE indicates presence of overflow
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Media-video project
Depends on:
Blocks: fortify-source
  Show dependency tree
Reported: 2010-10-10 23:38 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2011-12-08 18:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Build log (transcode-1.1.5-r2:20101010-171930.log,504.54 KB, text/plain)
2010-10-10 23:38 UTC, Diego Elio Pettenò (RETIRED)

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-10 23:38:27 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Your friendly neighborhood tinderboxer
Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-10-10 23:38:59 UTC
Created attachment 250187 [details]
Build log
Comment 2 Kevin Pyle 2010-10-12 04:07:43 UTC
The overflow message does not blame the offending line, but based on source inspection and a quick test program, I see a probable cause.  In avidump.c!dump_vals (off_t val64 (line 323)) and in avidump.c!ProcessChunk (off_t offset (line 608)), upstream declares a variable of type off_t and calls read as though it will be an 8 byte wide value.  On i686 with the defines used, off_t is 4 bytes.  This triggers a fortification warning.  Since the surrounding code is probably expecting the read to move the file position by 8, the safe fix would be to replace the affected off_t variables with a wider variable, such as off64_t or equivalent.
Comment 3 Kevin Pyle 2010-10-13 04:12:41 UTC
Amendment to comment #2: loff_t is 8 bytes long on x86 and amd64, and is available from <sys/types.h> without specifying any preprocessor defines, so it is probably a good choice for the fix.  Maintainers, are you comfortable writing a patch to do this?
Comment 4 Samuli Suominen (RETIRED) gentoo-dev 2011-12-06 07:48:34 UTC
I'm not seeing this with 1.1.7.   Can you still reproduce?
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2011-12-08 18:36:28 UTC
I played with various USE flag combinations as well as -O levels and not seeing this anymore. Assuming fixed by 1.1.7. Reopen if not.