Robert Connolly wrote: > For reasons I'm not aware of, Glibc allows buffer checking to go over the > mark. I assume they are aware of it, but I have not checked into it. Libssp > is more strict. > > robert
Thanks for the info, I will rebuild with libssp. One thing I found out trying to investigate the mentioned issue: Looking at the asm compiler output from gcc -S strcpy-overflow.c, gcc-4.3.2 seems to optimize the call to strcpy in a way, that there is no need for the call at all. Which in turn means, there can be no fortify source warning and no replacement with __strcpy_chk. thorsten -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
