Fortify_source

Robert Connolly robert at linuxfromscratch.org
Thu Aug 3 18:52:09 PDT 2006


Hi. It looks like -D_FORTIFY_SOURCE requires optimizations for it to work:

----

$ cat fortify-test.c
#include <string.h>
main()
{
char buf[2];
strcpy(buf,"12345");
}

$ gcc -o fortify-test fortify-test.c
$ ./fortify-test
Segmentation fault

$ gcc -o fortify-test fortify-test.c -D_FORTIFY_SOURCE=2
$ ./fortify-test
Segmentation fault

$ gcc -o fortify-test fortify-test.c -D_FORTIFY_SOURCE=2 -O
fortify-test.c: In function 'main':
fortify-test.c:5: warning: call to __builtin___strcpy_chk will always overflow destination buffer
$ ./fortify-test
*** buffer overflow detected ***: ./fortify-test terminated
Aborted

$ gcc -o fortify-test fortify-test.c -D_FORTIFY_SOURCE=2 -O99
fortify-test.c: In function 'main':
fortify-test.c:5: warning: call to __builtin___strcpy_chk will always overflow destination buffer
$ ./fortify-test
*** buffer overflow detected ***: ./fortify-test terminated
Aborted

----

robert
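
An added example, not part of the original post and not glibc's own code: glibc's headers enable the fortified wrappers only when the compiler defines `__OPTIMIZE__` in addition to `_FORTIFY_SOURCE`, which is why the `-O` builds above are the only ones that abort. The block reports whether fortification is effective for the current build and models the length check that `__strcpy_chk` performs; `fortify_effective`, `model_strcpy_chk` and the two helper functions are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* Added example; fortify_effective and model_strcpy_chk are hypothetical
 * names, not glibc functions. */

/* glibc's <features.h> turns the fortified wrappers on only when
 * _FORTIFY_SOURCE > 0 and the compiler defines __OPTIMIZE__ (any -O level
 * above 0). Without -O the define is accepted but has no effect. */
int fortify_effective(void)
{
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && \
    defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
    return 1;
#else
    return 0;
#endif
}

/* Model of the runtime check: the compiler passes the destination size it
 * could determine (via __builtin_object_size). The real __strcpy_chk
 * aborts on overflow; this model returns NULL so the result is testable. */
char *model_strcpy_chk(char *dst, const char *src, size_t dstlen)
{
    size_t need = strlen(src) + 1;      /* bytes including the NUL */
    if (need > dstlen)
        return NULL;                    /* would overflow: refuse the copy */
    memcpy(dst, src, need);
    return dst;
}

/* The post's case: a 2-byte buffer and "12345" (6 bytes with the NUL). */
int post_case_detected(void)
{
    char buf[2];
    return model_strcpy_chk(buf, "12345", sizeof buf) == NULL;
}

/* A copy that fits exactly must go through unchanged. */
int fitting_copy_ok(void)
{
    char buf[6];
    return model_strcpy_chk(buf, "12345", sizeof buf) == buf &&
           strcmp(buf, "12345") == 0;
}
```

Calling `fortify_effective()` from a build's self-test is one way to catch a configuration that passes `-D_FORTIFY_SOURCE=2` but drops `-O`.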