binutils and _FORTIFY_SOURCE


binutils and _FORTIFY_SOURCE

Anthony Green
Hello binutils maintainers,

glibc reports buffer overflows when I build and run some "ar" ports
(like arm-elf-ar) on Fedora Core with -D_FORTIFY_SOURCE=2 [1].

A very quick look tells me there's no serious bug, just tricky
programming.  

I'm talking about things like, given

typedef struct
{
  char foo[4];
  int  bar;
} mystruct;

we see code kind of like...

  mystruct s;
  strcpy (s.foo, "1234");  /* buffer overflow here */
  s.bar = 5;   /* but it doesn't really matter */

Has anybody looked into this before?
Will you accept patches to remove false _FORTIFY_SOURCE errors?
I don't know if I will do this, but I thought I'd ask for the record.

AG


[1] http://www.redhat.com/magazine/009jul05/features/execshield/#checks




Re: binutils and _FORTIFY_SOURCE

Alan Modra
On Sun, Nov 20, 2005 at 09:46:44AM -0800, Anthony Green wrote:

> typedef struct
> {
>   char foo[4];
>   int  bar;
> } mystruct;
>
> we see code kind of like...
>
>   mystruct s;
>   strcpy (s.foo, "1234");  /* buffer overflow here */
>   s.bar = 5;   /* but it doesn't really matter */
>
> Has anybody looked into this before?
> Will you accept patches to remove false _FORTIFY_SOURCE errors?

Yes.  The above really ought to be using memcpy.

--
Alan Modra
IBM OzLabs - Linux Technology Centre
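As an added example (not code from this thread or from binutils), here is the memcpy form Alan recommends, written as a bounded copy into a fixed-width field that is space padded and never NUL terminated; fill_field, fill_struct and holds_expected are hypothetical names, not bfd's own routines.

```c
#include <stddef.h>
#include <string.h>

/* Same layout as the thread's example: a fixed-width field with no room
   for a terminating NUL, immediately followed by another member. */
typedef struct
{
  char foo[4];
  int  bar;
} mystruct;

/* Hypothetical helper (not bfd's own code): fill a fixed-width,
   NUL-less field.  At most LEN bytes are copied and the rest is
   space padded, so the write can never spill into the neighbouring
   member.  Returns the number of source bytes copied, so a caller
   can notice truncation. */
static size_t
fill_field (char *dst, size_t len, const char *src)
{
  size_t n = strlen (src);
  if (n > len)
    n = len;
  memcpy (dst, src, n);           /* bounded by LEN, not by the source */
  memset (dst + n, ' ', len - n); /* pad; no terminator is written */
  return n;
}

/* The memcpy form of the thread's strcpy example.  The length is
   sizeof s->foo, so a fortified build (__memcpy_chk) can see that the
   write stays inside the array, and s->bar is never clobbered, not
   even transiently.  Returns 0 on success, -1 if SRC was truncated. */
static int
fill_struct (mystruct *s, const char *src)
{
  size_t copied = fill_field (s->foo, sizeof s->foo, src);
  s->bar = 5;
  return copied == strlen (src) ? 0 : -1;
}

/* Check helper: 1 if S holds exactly "1234" in foo and 5 in bar. */
static int
holds_expected (const mystruct *s)
{
  return memcmp (s->foo, "1234", sizeof s->foo) == 0 && s->bar == 5;
}
```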

Re: binutils and _FORTIFY_SOURCE

Daniel Jacobowitz
On Mon, Nov 21, 2005 at 08:36:46AM +1030, Alan Modra wrote:

> On Sun, Nov 20, 2005 at 09:46:44AM -0800, Anthony Green wrote:
> > typedef struct
> > {
> >   char foo[4];
> >   int  bar;
> > } mystruct;
> >
> > we see code kind of like...
> >
> >   mystruct s;
> >   strcpy (s.foo, "1234");  /* buffer overflow here */
> >   s.bar = 5;   /* but it doesn't really matter */
> >
> > Has anybody looked into this before?
> > Will you accept patches to remove false _FORTIFY_SOURCE errors?
>
> Yes.  The above really ought to be using memcpy.

Didn't someone (Jakub?) try and fail to fix ar once already?

Not that I'd complain if someone succeeded!

--
Daniel Jacobowitz
CodeSourcery, LLC

Re: binutils and _FORTIFY_SOURCE

Jakub Jelinek
On Sun, Nov 20, 2005 at 05:09:17PM -0500, Daniel Jacobowitz wrote:

> On Mon, Nov 21, 2005 at 08:36:46AM +1030, Alan Modra wrote:
> > On Sun, Nov 20, 2005 at 09:46:44AM -0800, Anthony Green wrote:
> > > typedef struct
> > > {
> > >   char foo[4];
> > >   int  bar;
> > > } mystruct;
> > >
> > > we see code kind of like...
> > >
> > >   mystruct s;
> > >   strcpy (s.foo, "1234");  /* buffer overflow here */
> > >   s.bar = 5;   /* but it doesn't really matter */
> > >
> > > Has anybody looked into this before?
> > > Will you accept patches to remove false _FORTIFY_SOURCE errors?
> >
> > Yes.  The above really ought to be using memcpy.
>
> Didn't someone (Jakub?) try and fail to fix ar once already?

I fixed what I encountered (look for _bfd_ar_spacepad in bfd/archive.c).
If you see anything left, please let me know what exactly,
but we are using -D_FORTIFY_SOURCE=2 compiled binutils for many
months on architectures we use and haven't seen anything like
that.  But ARM is not one of the architectures we use, so it
might be something ARM specific...

        Jakub

Re: binutils and _FORTIFY_SOURCE

Anthony Green
On Mon, 2005-11-21 at 21:03 +0100, Jakub Jelinek wrote:
> I fixed what I encountered (look for _bfd_ar_spacepad in bfd/archive.c).
> If you see anything left, please let me know what exactly,
> but we are using -D_FORTIFY_SOURCE=2 compiled binutils for many
> months on architectures we use and haven't seen anything like
> that.  But ARM is not one of the architectures we use, so it
> might be something ARM specific...

I've only tested with 2.16.1.  I'll look at the CVS sources.

Thanks,

AG