[email protected] wrote:
>> There is no real buffer overflow here AFAICS but the real problem is,
>> that the destination of the strcpy() is defined as char[1] in this
>> case (it's the nrdn member of a struct diskNode). The additional
>> runtime check when compiling with -D_FORTIFY_SOURCE=2 sees that the
>> destination data will not fit in there and aborts.
>
> This is similar to the struct hack, except nrdn is not the last struct
> member. IIRC it actually is invalid to use nrdn as an accessor for the
> following struct members (from the compiler's point of view).
>
> Another case of "not quite the Struct Hack" broke last year: ITS#6303.
> If _FORTIFY_SOURCE is warning us that gcc might break this code, the
> memcpy patch might merely shut up the warning without fixing the
> problem. In that case, the simplest change would be to do away with
> struct diskNode - or keep it for reference but not actually use it.
>
> I'm reopening the ITS for someone else to decide if they care, I have
> other things on my mind currently.

Nope, we don't care. The purpose and usage of diskNode is thoroughly documented in the comments and all of the uses are correct. Marking this Test again.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
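
The "keep it for reference but not actually use it" option from the quoted text, sketched as an added example (not OpenLDAP code and not part of this message). The layout `struct ref_node` and the helpers `pack_node` and `node_rdn` are hypothetical; the struct serves only as an `offsetof` reference, so no copy ever targets a `char[1]` member.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example: a 2-byte
 * big-endian length, then two NUL-terminated variable-length strings.
 * Kept as documentation only; nothing is written through its members. */
struct ref_node {
    unsigned char nrdnlen[2];
    char nrdn[1];   /* variable length, NOT the last member */
    char rdn[1];    /* variable placement */
};

/* Serialize by offset arithmetic on the byte buffer itself, so the
 * destination of each copy is the whole buffer, not a 1-byte member.
 * Returns the number of bytes written, or 0 if the record does not fit. */
size_t pack_node(unsigned char *buf, size_t cap,
                 const char *nrdn, const char *rdn)
{
    size_t nlen = strlen(nrdn), rlen = strlen(rdn);
    size_t off = offsetof(struct ref_node, nrdn);
    size_t need = off + nlen + 1 + rlen + 1;

    if (nlen > 0xFFFF || need > cap)
        return 0;
    buf[0] = (unsigned char)(nlen >> 8);
    buf[1] = (unsigned char)(nlen & 0xFF);
    memcpy(buf + off, nrdn, nlen + 1);             /* includes the NUL */
    memcpy(buf + off + nlen + 1, rdn, rlen + 1);   /* includes the NUL */
    return need;
}

/* Read side: check the stored length against the record size before
 * deriving the second string's position. Returns NULL if inconsistent. */
const char *node_rdn(const unsigned char *buf, size_t len)
{
    size_t off = offsetof(struct ref_node, nrdn);
    size_t nlen;

    if (len < off + 2)                  /* smallest record: two NULs */
        return NULL;
    nlen = ((size_t)buf[0] << 8) | buf[1];
    if (nlen > len - off - 2)
        return NULL;
    if (buf[off + nlen] != '\0' || buf[len - 1] != '\0')
        return NULL;
    return (const char *)buf + off + nlen + 1;
}
```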
