On Thu, Apr 04, 2013 at 09:26:34AM -0400, Steve Grubb wrote:
> Last week I was looking at nspr and wondering why fortify_source was not
> getting used and found that it wrapped functions for "portability". For
> example, it has PL_strcpy which only wraps strcpy. The problem is the size
> information is lost by the wrapping so that the fortify macros have nothing
> to work with. I know this is a common technique, I've seen it a lot. But this
> idiom defeats a security mechanism.

Wrapping memory and string ops (except perhaps for wrapping in inline
functions) is a terrible idea, not just because of -D_FORTIFY_SOURCE, but
for many other reasons too: the compiler then can't optimize the calls if
they are called with constant arguments (lengths, const string literals,
etc.), can't choose the best generated code, can't reason about them from
an aliasing, points-to etc. POV, and can't attempt to optimize, say,
  PL_strcat (str1, "abcde");
  PL_strcat (str1, str2);
etc.  So, whenever somebody comes across such a mess in packages we ship in
Fedora, please try to undo that mess by adding #defines or inline wrappers.

        Jakub
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
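The mechanism both mails refer to, as an added example (this is not nspr code and not code from either poster): `_FORTIFY_SOURCE` works by asking `__builtin_object_size()` for the destination's size, and that query can only be answered where the compiler sees the object, i.e. at the call site. The names `checked_copy`, `wrapped_copy`, `macro_copy` and `inline_copy` below are hypothetical stand-ins for a `PL_strcpy`-style wrapper and the two alternatives the reply recommends; `checked_copy` mimics the shape of a `__strcpy_chk`-style check but returns an error instead of aborting.

```c
/* Added example, not nspr code: how a destination's size survives a
 * #define or inline wrapper but is lost behind an out-of-line wrapper. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIZE_UNKNOWN ((size_t)-1)  /* __builtin_object_size(p, 0) when p is opaque */

/* Hypothetical checked copy in the spirit of glibc's __strcpy_chk: copies
 * only when the destination size is unknown or large enough. Returns 0 on
 * success, -1 when the copy is refused (fortify would abort instead). */
static int checked_copy(char *dest, const char *src, size_t dest_size)
{
    size_t needed = strlen(src) + 1;
    if (dest_size != SIZE_UNKNOWN && needed > dest_size)
        return -1;
    memcpy(dest, src, needed);
    return 0;
}

/* Style 1: out-of-line "portability" wrapper, the PL_strcpy pattern.
 * noinline keeps it opaque at every -O level; inside, dest is just a
 * pointer, so the size query yields SIZE_UNKNOWN and the check never fires. */
__attribute__((noinline))
int wrapped_copy(char *dest, const char *src)
{
    return checked_copy(dest, src, __builtin_object_size(dest, 0));
}

__attribute__((noinline))
size_t size_seen_inside_wrapper(char *dest)
{
    return __builtin_object_size(dest, 0);
}

/* Style 2: #define wrapper, as the reply suggests. The size query is
 * expanded at the call site, where the array declaration is visible. */
#define macro_copy(d, s) checked_copy((d), (s), __builtin_object_size((d), 0))

/* Style 3: static inline wrapper. Recovers the size only once the compiler
 * actually inlines it, which in practice needs -O1 or higher. */
static inline int inline_copy(char *dest, const char *src)
{
    return checked_copy(dest, src, __builtin_object_size(dest, 0));
}

/* Constructed inputs: one string that fits a 16-byte buffer, one that would
 * overflow it by five bytes. */
static const char FITS[]     = "hello";                 /* 6 bytes with NUL  */
static const char TOO_LONG[] = "0123456789abcdefghij";  /* 21 bytes with NUL */

size_t size_seen_by_wrapper(void) { char buf[16]; return size_seen_inside_wrapper(buf); } /* SIZE_UNKNOWN */
size_t size_seen_by_macro(void)   { char buf[16]; return __builtin_object_size(buf, 0); }  /* 16 */

int macro_copy_fits(void)     { char buf[16]; return macro_copy(buf, FITS); }     /* 0: copied  */
int macro_copy_too_long(void) { char buf[16]; return macro_copy(buf, TOO_LONG); } /* -1: refused */
int wrapper_copy_fits(void)   { char buf[16]; return wrapped_copy(buf, FITS); }   /* 0, unchecked */
/* wrapped_copy(buf, TOO_LONG) is deliberately never called: with the size
 * lost, nothing would stop the overflow. That is the mail's point. */

int main(void)
{
    char buf[16];
    printf("size inside PL_strcpy-style wrapper: %zu (unknown = %zu)\n",
           size_seen_by_wrapper(), SIZE_UNKNOWN);
    printf("size at the call site via #define:   %zu\n", size_seen_by_macro());
    printf("macro_copy(TOO_LONG) result:         %d (refused)\n", macro_copy_too_long());
    printf("inline_copy(FITS) result:            %d\n", inline_copy(buf, FITS));
    return 0;
}
```

Compile with `-O2 -D_FORTIFY_SOURCE=2` and the macro path is the only one of the three where a too-long copy into a fixed array is caught at the call site; the opaque wrapper reports an unknown size no matter what the caller declared. Note that the inline variant is only as good as the inliner, which is why the reply lists it as a second choice after plain `#define`s.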
