r1172 - in trunk/BOOK: chapter05 chapter06

robert at linuxfromscratch.org robert at linuxfromscratch.org
Sun Jun 17 14:18:51 PDT 2007


Author: robert
Date: 2007-06-17 15:18:51 -0600 (Sun, 17 Jun 2007)
New Revision: 1172

Modified:
   trunk/BOOK/chapter05/cocoon-toolchain.xml
   trunk/BOOK/chapter06/butterfly-toolchain.xml
Log:
Credit netbsd more overtly for the regression tests, since most people don't read the acknowledgments page

Modified: trunk/BOOK/chapter05/cocoon-toolchain.xml
===================================================================
--- trunk/BOOK/chapter05/cocoon-toolchain.xml	2007-06-17 21:12:27 UTC (rev 1171)
+++ trunk/BOOK/chapter05/cocoon-toolchain.xml	2007-06-17 21:18:51 UTC (rev 1172)
@@ -356,9 +356,10 @@
       <para>Confirm the new compiler is working as expected. This program
       is a perfect example of a very bad thing. It allows user input to
       go directly to the <function>strcat</function> function without
-      checking the size of the source or destination buffer.
-      _FORTIFY_SOURCE checking will detect this overflow before SSP, because
-      they work in completely different ways:</para>
+      checking the size of the source or destination buffer. This regression
+      program is from the NetBSD project. _FORTIFY_SOURCE checking will detect
+      this overflow before SSP, because they work in completely different
+      ways:</para>
 
 <screen><userinput>cat > strcat-overflow.c << "EOF"
 #include <stdio.h>
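Review bot: The added credit "This regression program is from the NetBSD project." lands between the description of the unchecked strcat call and the _FORTIFY_SOURCE versus SSP comparison, so it interrupts the explanation the reader needs just before the test listing. Consider moving it to the start or end of the para. The sentence also gives no file name or link for the NetBSD test, so a reader cannot trace the credit back to the original program; adding one would make the attribution verifiable.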

Modified: trunk/BOOK/chapter06/butterfly-toolchain.xml
===================================================================
--- trunk/BOOK/chapter06/butterfly-toolchain.xml	2007-06-17 21:12:27 UTC (rev 1171)
+++ trunk/BOOK/chapter06/butterfly-toolchain.xml	2007-06-17 21:18:51 UTC (rev 1172)
@@ -266,6 +266,7 @@
     <important>
       <?dbfo keep-together="auto"?>
       <para>This test program will cause fgets(3) to have a buffer overflow.
+      This regression program is from the Netbsd project.
       This is an example where static code checking will not detect a problem,
       because the overflow is caused by user input at run time. The only
       problem that is reported by static code analysis programs, like
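Review bot: "Netbsd" in the added line should be spelled "NetBSD", as it is in the chapter05 hunk of this same revision. The new sentence also sits between the fgets(3) overflow statement and "This is an example where static code checking will not detect a problem", so the following "This" now reads as if it refers to the credit rather than to the test program; placing the credit at the end of the para would keep the explanation continuous.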



