Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 421809 - app-emulation/simh _FORTIFY_SOURCE indicates presence of overflow
Summary: app-emulation/simh _FORTIFY_SOURCE indicates presence of overflow
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Highest major (vote)
Assignee: Sergei Trofimovich
URL: https://tinderboxlogs.s3.amazonaws.co...
Whiteboard:
Keywords: UPSTREAM
Depends on:
Blocks: fortify-source
  Show dependency tree
 
Reported: 2012-06-18 17:05 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2020-01-30 09:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2012-06-18 17:05:08 UTC
You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer.

Even though this is not always an indication of a security problem it might even be. So please check this out ASAP.

By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0.

Thanks,
Your friendly neighborhood tinderboxer
Comment 1 Sergey Popov gentoo-dev 2012-11-29 11:35:49 UTC
Reported upstream: https://github.com/simh/simh/issues/15
Comment 2 Jonas Stein gentoo-dev 2017-07-10 21:04:32 UTC
any news? Upstream marked the ticket as closed. Version is missing in the title, but 3.9 was released in Nov 2014.
Comment 3 Sergei Trofimovich gentoo-dev 2020-01-30 09:03:20 UTC
The full warning is:

"""
x86_64-pc-linux-gnu-gcc -std=c99 -U__STRICT_ANSI__  -O2 -pipe -ggdb -march=native -ftracer -finline-functions -fgcse-after-reload -fpredictive-commoning -fipa-cp-clone -fno-unsafe-loop-optimizations -fno-strict-overflow -flto -fwhole-program -Wno-unused-result -I . -D_GNU_SOURCE -DUSE_READER_THREAD -DHAVE_DLOPEN=so  swtp6800/common/mp-a.c swtp6800/common/m6800.c swtp6800/common/m6810.c swtp6800/common/bootrom.c swtp6800/common/dc-4.c swtp6800/common/mp-s.c swtp6800/swtp6800/mp-a_sys.c swtp6800/common/mp-b2.c swtp6800/common/mp-8m.c scp.c sim_console.c sim_fio.c sim_timer.c sim_sock.c sim_tmxr.c sim_ether.c sim_tape.c -I swtp6800/swtp6800 -o BIN/swtp6800mp-a -lm -lrt -lpthread -ldl -lpcap -Wl,-O1 -Wl,--as-needed -flto -fwhole-program
In file included from I1401/i1401_mt.c:208:0,
                 from sim_tape.c:517,
                 from :26:
In function 'sim_fread.part.0.5296.constprop.56',
    inlined from 'sim_fread.constprop.52' at sim_tape.c:399:8,
    inlined from 'sim_tape_rdrecf.constprop.40' at sim_tape.c:415:15:
/usr/include/bits/stdio2.h:282:2: warning: call to '__fread_chk_warn' declared with attribute warning: fread called with bigger size * nmemb than length of destination buffer [enabled by default]
"""

Does not happen on modern toolchain. Given it's a warning on the code full of constant propagations by an optimiser I suspect gcc blamed logically unreachable code here.

Closing as obsolete.