tests in 5.9. cocoon toolchain

Petr Cerny peterph at centrum.cz
Thu Feb 14 07:55:38 PST 2008


Robert Connolly wrote:
> On Wednesday February 13 2008 12:27:51 pm Petr Cerny wrote:
>> Robert Connolly wrote:
>> > On Tuesday February 12 2008 11:20:57 am Petr Cerny wrote:
>> >> Hi,
>> >>
>> >> I'm a little bit confused by the section of important tests in 5.9.
>> >> (Version SVN-20080118) - should:
>> >>
>> >> $gcc -o strcat-overflow strcat-overflow.c -U_FORTIFY_SOURCE
>> >>
>> >> really produce stack-smashing-protected binary (as indicated by stated
>> >> output)? I'd rather expect it producing a non-protected program, which
>> >> is exactly what happens for my build (not by-the-book as I'm trying
>> >> x86-64).
>> >
>> > The -U_FORTIFY_SOURCE does not disable stack protection. If the program
>> > does a segmentation fault then ssp isn't on by default for you. Retry
>> > with -fstack-protector-all just to see if it works. I don't think you
>> > applied the gcc-fstack_protector patch. The ssp patch should work for
>> > every architecture (the fpie patch probably doesn't work for x86-64).
>>
>> Thanks for prompt answer. Meanwhile, I've made myself clear the
>> difference between ssp and _FORTIFY_SOURCE - which was the cause of
>> misunderstanfing in this case. The stack-smashing protector works for me
>> in 64bit binary however, I had to supply the test program much longer
>> string (about 25bytes) - maybe stack is differently organized or aligned
>> on x86-64 or some additional registers get stored between the canary and
>> the string?
> 
> I think it has more to do with libc than gcc, but I'm just guessing.

Well, I'll see what happens in the next stage...

>> As for the fpie patch: is there some (simple) way to test whether it
>> works for x86-64? (It will probably require some update as there are
>> some sections which modify only "32bit parts" of gcc).
> 
> readelf -ld strcat-overflow | \
>     grep -E 'Shared object|TEXTREL'

DYN shared object...

> If it's not working, the patch should be pretty simple. Try to tell me if 
> gcc/config/ia64/linux.h is a file you use, instead of 
> gcc/config/i386/linux.h. The patch for both files will be the same. I'll add 
> the x86-64 difference if you can test it.

AFAIK gcc/config/ia64/linux.h is for Itanium (or whatever name that 
Intel RISC platform has). x86-64 should be in gcc/config/i386/linux64.h 
and (maybe but quite unlikely in gcc/config/i386/*64*).

Best regards
	Petr



More information about the hlfs-dev mailing list