------- Comment #8 from dominique dot pelle at gmail dot com 2008-11-16 14:06 ------- I should add that building with -O3 -D_FORTIFY_SOURCE=1 also works which is better.
Reading about _FORTIFY_SOURCE in the following link, everything makes sense now. Snippet from http://mail-index.netbsd.org/tech-userlevel/2007/05/23/0001.html =============================================== The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var; With -D_FORTIFY_SOURCE=1, strcpy (&var.t.buf[1], "abcdefg"); is not considered an overflow (object is whole VAR), while with -D_FORTIFY_SOURCE=2 strcpy (&var.t.buf[1], "abcdefg"); will be considered a buffer overflow. =============================================== This example is very close to what vim does. So it makes sense that -D_FORTIFY_SOURCE=2 detects an overflow, while -D_FORTIFY_SOURCE=1 does not. It thus OK to keep the bug as RESOLVED INVALID. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38136