Dominique Pelle wrote:

> 2008/11/16 Dominique Pelle <[EMAIL PROTECTED]>:
> 
> > 2008/11/16 Bram Moolenaar <[EMAIL PROTECTED]>:
> >
> >> Apparently -fstack-protector is on by default.  The "inline-functions"
> >> apparently does something to reveal the size of the destination to
> >> strcpy().  That's a bit unexpected though.
> >>
> >> Why not compile Vim with -fno-stack-protector ?  Can you try with -O3
> >> and that flag?  It's not clear to me that this stack-protector function
> >> is what actually adds the check for the array size.
> >
> > Adding -fno-stack-protector does not help either (same warning +
> > same crash).  But reading through the man page of gcc, I stumbled
> > upon this in the section about -O2:
> >
> > ==================================================
> >  NOTE: In Ubuntu 8.10 and later versions, -D_FORTIFY_SOURCE=2
> >  is set by default, and is activated when -O is set to 2 or higher.
> >  This enables additional compile-time and run-time checks for several
> >  libc functions.  To disable, specify either -U_FORTIFY_SOURCE or
> >  -D_FORTIFY_SOURCE=0.
> > ==================================================
> >
> > So I tried adding compiling with -O3 -D_FORTIFY_SOURCE=0
> > and it makes it work!
> >
> > So far I don't observe anything wrong with
> > -O3 -D_FORTIFY_SOURCE=0.  'make test' succeeds
> > in every test.
> >
> > I'm not 100% sure whether adding  -D_FORTIFY_SOURCE=0 silences
> > a real bug, or whether it was reporting a spurious error (more likely
> > from looking at vim code).  But even if it silences a spurious bug in this
> > case, adding -D_FORTIFY_SOURCE=0 may also silence other real
> > bugs, which is a shame. I'll add the info to the gcc bugzilla, but
> > it was already and quickly marked as INVALID, so I don't expect
> > much there.
> >
> > -- Dominique
> 
> 
> I should add that building with -O3 -D_FORTIFY_SOURCE=1 also
> works which is better.
> 
> Reading about _FORTIFY_SOURCE in the following link, everything
> makes sense now.
> 
> Snippet from http://mail-index.netbsd.org/tech-userlevel/2007/05/23/0001.html
> 
> ===============================================
> The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2
> is e.g. for
> struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var;
> With -D_FORTIFY_SOURCE=1,
> strcpy (&var.t.buf[1], "abcdefg");
> is not considered an overflow (object is whole VAR), while
> with -D_FORTIFY_SOURCE=2
> strcpy (&var.t.buf[1], "abcdefg");
> will be considered a buffer overflow.
> ===============================================
> 
> This example is very close to what vim does.  So it makes sense
> that -D_FORTIFY_SOURCE=2 detects an overflow, while
> -D_FORTIFY_SOURCE=1 does not.
> 
> Adding -D_FORTIFY_SOURCE=1 to Vim makefile sounds like
> a good idea.

This makes sense.  It actually mentions that -D_FORTIFY_SOURCE=2 may
break conforming programs.  This also means it should never be the
default.  So perhaps you can file a bug that the default should be to
use 1.

The argument is only needed for GCC 4 and later, right?  That's why I
didn't notice this, I'm using gcc 3.4.6 (FreeBSD is very conservative
about gcc versions, for a good reason).  So we can add a configure
check.

The patch below should work, if the information is correct.


*** ../vim-7.2.042/src/auto/configure   Thu Jul 24 17:20:50 2008
--- src/auto/configure  Sun Nov 16 17:08:44 2008
***************
*** 16819,16839 ****
    LDFLAGS="$LDFLAGS -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 
-arch ppc"
  fi
  
- { $as_echo "$as_me:$LINENO: checking for GCC 3 or later" >&5
- $as_echo_n "checking for GCC 3 or later... " >&6; }
  DEPEND_CFLAGS_FILTER=
  if test "$GCC" = yes; then
    gccmajor=`echo "$gccversion" | sed -e 's/^\([1-9]\)\..*$/\1/g'`
    if test "$gccmajor" -gt "2"; then
      DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'"
!   fi
! fi
! if test "$DEPEND_CFLAGS_FILTER" = ""; then
!   { $as_echo "$as_me:$LINENO: result: no" >&5
  $as_echo "no" >&6; }
! else
!   { $as_echo "$as_me:$LINENO: result: yes" >&5
  $as_echo "yes" >&6; }
  fi
  
  
--- 16819,16847 ----
    LDFLAGS="$LDFLAGS -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 
-arch ppc"
  fi
  
  DEPEND_CFLAGS_FILTER=
  if test "$GCC" = yes; then
+   { $as_echo "$as_me:$LINENO: checking for GCC 3 or later" >&5
+ $as_echo_n "checking for GCC 3 or later... " >&6; }
    gccmajor=`echo "$gccversion" | sed -e 's/^\([1-9]\)\..*$/\1/g'`
    if test "$gccmajor" -gt "2"; then
      DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'"
!     { $as_echo "$as_me:$LINENO: result: yes" >&5
! $as_echo "yes" >&6; }
!   else
!     { $as_echo "$as_me:$LINENO: result: no" >&5
  $as_echo "no" >&6; }
!   fi
!       { $as_echo "$as_me:$LINENO: checking whether we need 
-D_FORTIFY_SOURCE=1" >&5
! $as_echo_n "checking whether we need -D_FORTIFY_SOURCE=1... " >&6; }
!   if test "$gccmajor" -gt "3"; then
!     CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=1"
!     { $as_echo "$as_me:$LINENO: result: yes" >&5
  $as_echo "yes" >&6; }
+   else
+     { $as_echo "$as_me:$LINENO: result: no" >&5
+ $as_echo "no" >&6; }
+   fi
  fi
  
  
*** ../vim-7.2.042/src/configure.in     Thu Jul 24 17:20:31 2008
--- src/configure.in    Sun Nov 16 17:08:40 2008
***************
*** 3152,3169 ****
  dnl But only when making dependencies, cproto and lint don't take "-isystem".
  dnl Mac gcc returns "powerpc-apple-darwin8-gcc-4.0.1 (GCC)...", need to allow
  dnl the number before the version number.
- AC_MSG_CHECKING(for GCC 3 or later)
  DEPEND_CFLAGS_FILTER=
  if test "$GCC" = yes; then
    gccmajor=`echo "$gccversion" | sed -e 's/^\([[1-9]]\)\..*$/\1/g'`
    if test "$gccmajor" -gt "2"; then
      DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'"
    fi
- fi
- if test "$DEPEND_CFLAGS_FILTER" = ""; then
-   AC_MSG_RESULT(no)
- else
-   AC_MSG_RESULT(yes)
  fi
  AC_SUBST(DEPEND_CFLAGS_FILTER)
  
--- 3152,3176 ----
  dnl But only when making dependencies, cproto and lint don't take "-isystem".
  dnl Mac gcc returns "powerpc-apple-darwin8-gcc-4.0.1 (GCC)...", need to allow
  dnl the number before the version number.
  DEPEND_CFLAGS_FILTER=
  if test "$GCC" = yes; then
+   AC_MSG_CHECKING(for GCC 3 or later)
    gccmajor=`echo "$gccversion" | sed -e 's/^\([[1-9]]\)\..*$/\1/g'`
    if test "$gccmajor" -gt "2"; then
      DEPEND_CFLAGS_FILTER="| sed 's+-I */+-isystem /+g'"
+     AC_MSG_RESULT(yes)
+   else
+     AC_MSG_RESULT(no)
+   fi
+   dnl -D_FORTIFY_SOURCE=2 crashes Vim on strcpy(buf, "000") when buf is
+   dnl declared as char x[1] but actually longer.  Introduced in gcc 4.0.
+   AC_MSG_CHECKING(whether we need -D_FORTIFY_SOURCE=1)
+   if test "$gccmajor" -gt "3"; then
+     CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=1"
+     AC_MSG_RESULT(yes)
+   else
+     AC_MSG_RESULT(no)
    fi
  fi
  AC_SUBST(DEPEND_CFLAGS_FILTER)
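Review bot: The new `CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=1"` line at 3183 is driven only by the GCC major version, so it also fires when the user or the distribution has already put a `_FORTIFY_SOURCE` setting into CFLAGS, which gives a macro-redefinition warning and silently replaces that choice; guard it with `case "$CFLAGS" in *_FORTIFY_SOURCE*) AC_MSG_RESULT(already set) ;; *) CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=1"; AC_MSG_RESULT(yes) ;; esac`. The check is also labelled "whether we need" but tests nothing about the toolchain beyond the version, so it reads as a probe when it is a policy; the dnl comment at 3179 should state that this is a workaround that trades away the intra-object bound checks level 2 adds for the whole tree, for the sake of the `char x[1]`-but-longer idiom it describes, and that the level can be raised back to 2 once that declaration is fixed at its source. Per the gcc man page quoted earlier in the thread, an explicit `-D` presumably takes precedence over the Ubuntu default injected by the driver, so the guard above still lets the workaround apply where nobody has chosen otherwise.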
  
*** ../vim-7.2.042/src/eval.c   Wed Nov 12 15:28:37 2008
--- src/eval.c  Sun Nov 16 17:00:17 2008
***************
*** 21150,21157 ****
      init_var_dict(&fc.l_avars, &fc.l_avars_var);
      add_nr_var(&fc.l_avars, &fc.fixvar[fixvar_idx++].var, "0",
                                (varnumber_T)(argcount - fp->uf_args.ga_len));
      v = &fc.fixvar[fixvar_idx++].var;
!     STRCPY(v->di_key, "000");
      v->di_flags = DI_FLAGS_RO | DI_FLAGS_FIX;
      hash_add(&fc.l_avars.dv_hashtab, DI2HIKEY(v));
      v->di_tv.v_type = VAR_LIST;
--- 21150,21160 ----
      init_var_dict(&fc.l_avars, &fc.l_avars_var);
      add_nr_var(&fc.l_avars, &fc.fixvar[fixvar_idx++].var, "0",
                                (varnumber_T)(argcount - fp->uf_args.ga_len));
+     /* Use "name" to avoid a warning from some compiler that checks the
+      * destination size. */
      v = &fc.fixvar[fixvar_idx++].var;
!     name = v->di_key;
!     STRCPY(name, "000");
      v->di_flags = DI_FLAGS_RO | DI_FLAGS_FIX;
      hash_add(&fc.l_avars.dv_hashtab, DI2HIKEY(v));
      v->di_tv.v_type = VAR_LIST;
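Review bot: The intermediate pointer at 21210-21211 only defeats the compiler's object-size tracking; a 4-byte `"000"` is still copied into a field that the configure.in comment in this same patch describes as declared `char x[1]` and allocated longer, so a later compiler, LTO, or the inlining the second hunk's own comment names as the trigger can propagate the size through `name` and the fortified strcpy will abort at run time again. The same laundering is done in add_nr_var at 21394 via `kname`. The durable fix belongs in the declaration of di_key (a C99 flexible array member, if the project's compiler baseline allows it) rather than at each call site; until then the comment should say exactly what is being hidden, e.g. `/* di_key is declared [1] but allocated longer; copy through a plain pointer so _FORTIFY_SOURCE=2 does not apply the [1] bound. */`. The enclosing function starts and ends outside the hunk, and `name` is assumed to be a char_u pointer declared earlier in it.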
***************
*** 21394,21400 ****
      char      *name;
      varnumber_T nr;
  {
!     STRCPY(v->di_key, name);
      v->di_flags = DI_FLAGS_RO | DI_FLAGS_FIX;
      hash_add(&dp->dv_hashtab, DI2HIKEY(v));
      v->di_tv.v_type = VAR_NUMBER;
--- 21397,21408 ----
      char      *name;
      varnumber_T nr;
  {
!     char_u *kname;
! 
!     /* Use an intermediate variable to avoid a warning when the compiler does
!      * function inlining. */
!     kname = v->di_key;
!     STRCPY(kname, name);
      v->di_flags = DI_FLAGS_RO | DI_FLAGS_FIX;
      hash_add(&dp->dv_hashtab, DI2HIKEY(v));
      v->di_tv.v_type = VAR_NUMBER;


-- 
hundred-and-one symptoms of being an internet addict:
268. You get up in the morning and go online before getting your coffee.

 /// Bram Moolenaar -- [EMAIL PROTECTED] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
