fortify source question
fly_b747 at gmx.de
Sat Jan 3 07:50:18 PST 2009
This is a bit off-topic; however, if someone could point me in the right
direction, I would appreciate it.
I am trying to build a toolchain based on the HLFS-SVN-20080603 (the
last html-version) but with updated packages according to LFS 6.4. Which
So far, everything worked like a charm, however while testing my
butterfly toolchain there seems to be some problem with fortify source:
the fgets-overflow works like expected:
echo abcdefghijklm | ./fgets-overflow 14
*** buffer overflow detected ***: ./fgets-overflow terminated
======= Backtrace: [...]
however the strcpy-overflow does not:
cat > strcpy-overflow.c << "EOF"
> #include <string.h>
> int main()
> char buf;
> return 0;
root:~# gcc -o strcpy-overflow strcpy-overflow.c -static -L/usr/lib/static
[ there is no warning about overflowing the buffer while compiling ]
*** stack smashing detected ***: ./strcpy-overflow terminated
======= Backtrace: [ ...]
and the overflow seems to be detected by ssp, not fortify source.
even compiling with
gcc -o strcpy-overflow strcpy-overflow.c -static -L/usr/lib/static -Wall
gives the same results.
I disabled libssp in the gcc build, since glibc provides it. Could this
be the reason? Or is gcc-4.3 the problem?
I attached gcc -dumpspecs for info...
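A diagnostic for the situation described in the post above, as an added example that is not part of the original message: it reports whether glibc's headers enabled fortified wrappers for a given compile and models the size check such a wrapper performs. `fortify_level` and `checked_strcpy` are hypothetical names and the sample strings are constructed; it assumes glibc's `features.h`, which sets `__USE_FORTIFY_LEVEL` above 0 only when `_FORTIFY_SOURCE` is defined and the compiler is optimizing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fortify level the C library headers actually applied to this translation
 * unit (0 = plain strcpy, no __strcpy_chk). Assumption: glibc's features.h,
 * which requires _FORTIFY_SOURCE > 0 AND __OPTIMIZE__ > 0; other C libraries
 * may not define __USE_FORTIFY_LEVEL at all, in which case this returns 0. */
int fortify_level(void)
{
#if defined(__USE_FORTIFY_LEVEL) && __USE_FORTIFY_LEVEL > 0
    return __USE_FORTIFY_LEVEL;
#else
    return 0;
#endif
}

/* Hypothetical model of the test a fortified wrapper performs: dstlen is what
 * __builtin_object_size() reported for the destination, (size_t)-1 = unknown.
 * Returns -1 (refuse) where the real wrapper would abort the process. */
int checked_strcpy(char *dst, const char *src, size_t dstlen)
{
    if (dstlen != (size_t)-1 && strlen(src) + 1 > dstlen)
        return -1;              /* the "buffer overflow detected" case */
    strcpy(dst, src);
    return 0;
}

int main(void)
{
    char buf[16];   /* constructed buffer, large enough for every copy below */

#ifdef _FORTIFY_SOURCE
    printf("_FORTIFY_SOURCE        = %d\n", _FORTIFY_SOURCE + 0);
#else
    puts("_FORTIFY_SOURCE        : not defined");
#endif
#ifdef __OPTIMIZE__
    puts("__OPTIMIZE__           : defined");
#else
    puts("__OPTIMIZE__           : not defined (compiled without -O)");
#endif
    printf("effective level        = %d\n", fortify_level());
    printf("object size of buf     = %zu\n", __builtin_object_size(buf, 0));
    printf("13 chars, size 2       -> %d\n", checked_strcpy(buf, "abcdefghijklm", 2));
    printf("13 chars, size unknown -> %d\n", checked_strcpy(buf, "abcdefghijklm", (size_t)-1));
    return 0;
}
```

Build it with exactly the command line used for the test program, then again with `-O2 -D_FORTIFY_SOURCE=2` added, and compare the reported level.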