fortify source question
fly_b747 at gmx.de
Sun Jan 18 02:28:29 PST 2009
Robert Connolly wrote:
> For reasons I'm not aware of, Glibc allows buffer checking to go over the
> mark. I assume they are aware of it, but I have not checked into it. Libssp
> is more strict.
Thanks for the info, I will rebuild with libssp. One thing I found out
trying to investigate the mentioned issue:
Looking at the asm compiler output from gcc -S strcpy-overflow.c,
gcc-4.3.2 seems to optimize the call to strcpy in a way, that there is
no need for the call at all. Which in turn means, there can be no
fortify source warning and no replacement with __strcpy_chk.
More information about the hlfs-dev