HLFS/amd64

Fix 4d876b82 at gmail.com
Sun Oct 21 09:02:54 PDT 2007


> Well, now that is interesting, considering that this happens under
> gcc-3.4.x, but not gcc-4.1.x.  So gcc-4.2.x brought the problem back?
> 
> Or perhaps it was something to do with using the uClibc ssp vs the gcc
> ssp. I cannot seem to precisely remember, myself.
> 

__fgets-overflow.c with variable array length__:
#include <stdio.h>
#include <stdlib.h>
int
main(int argc, char *argv[])
{
        char b[_LENGTH_];
        int len = atoi(argv[1]);
        if ((fgets(b, len, stdin)) != b)
                return 1;
        (void)printf("%s\n", b);
        return 0;
}

__test.sh__:
#!/bin/sh
for i in `seq 1 50`; do
        gcc -o fgets-overflow fgets-overflow.c -U_FORTIFY_SOURCE -D_LENGTH_=$i >/dev/null 2>&1
        s=x
        while echo $s | ./fgets-overflow ${#s} >/dev/null 2>&1; do
                s=${s}x
        done
        echo $i ${#s}
done

$ ./test.sh > test.log

Results:

1 2
2 9
3 9
4 9
5 9
6 9
7 9
8 9
9 25
10 25
11 25
12 25
13 25
14 25
15 25
16 25
17 25
18 25
19 25
20 25
21 25
22 25
23 25
24 25
25 41
26 41
27 41
28 41
29 41
30 41
31 41
32 41
33 41
34 41
35 41
36 41
37 41
38 41
39 41
40 41
41 57
42 57
43 57
44 57
45 57
46 57
47 57
48 57
49 57
50 57
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20071022/dba2cf64/attachment.sig>


More information about the hlfs-dev mailing list