I have a setup where fortify source works well for strcat but not for strcpy, unless precisely -Os is used for optimization; all other levels of optimization do not work. My setup is constructed mainly using current development LFS with additions taken from current HLFS. In particular I use glibc 2.7, binutils 2.18, and gcc 4.1.2 The applied patches are:
http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-pt_pax-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/glibc-2.5.1-ssp_hp-timing-1.patch http://www.linuxfromscratch.org/patches/lfs/development/binutils-2.18-configure-1.patch [ I left out all other binutils patches, since they did not apply cleanly on 2.18; many of them were detected as being already applied. ] http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-fstack_protector-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-strncat_chk-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-fortify_source-2.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-fpie-2.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-DW_CFA_val-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-Wno_overlength_strings-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-PR26864-1.patch http://www.linuxfromscratch.org/patches/hlfs/svn/gcc-4.1.2-texinfo_fix-1.patch All tests concerning stack protection work, and fortify source works for strcat. However, like I wrote, fortify source refuses to work with strcpy unless -Os is used. Example program: #include <string.h> int main() { char buf[2]; strcpy(buf,"12345"); return 0; } Compiling that with gcc -fno-stack-protector -O2 gives no warning. I can run the program; it will not be aborted. If using gcc -fno-stack-protector -Os I get the expected compile-time warning /usr/include/bits/string3.h: In function 'main': /usr/include/bits/string3.h:145: warning: call to __builtin___strcat_chk will always overflow destination buffer and the program is aborted on run-time. Maybe someone can give me a hint were to start looking? Lasse
pgpE1XgvFz4Oo.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
