(In reply to Szabolcs Nagy from comment #16)
> (In reply to Kees Cook from comment #14)
> > So I'd like to bring this back up and reiterate the issue: there is no
> > benefit to the early truncation, and it actively breaks lots of existing
> > software (which is why Debian and Ubuntu have had this
(In reply to Kees Cook from comment #14)
> So I'd like to bring this back up and reiterate the issue: there is no
> benefit to the early truncation, and it actively breaks lots of existing
> software (which is why Debian and Ubuntu have had this fix for 10 years now).
>
> What is the _benefit_ of
** Changed in: glibc
Status: Invalid => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/305901
Title:
Intrepid gcc -O2 breaks string appending with
It might be a good idea to take this discussion to the libc-alpha
mailing list.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/305901
Title:
Intrepid gcc -O2 breaks
There was a pretty lengthy discussion on this late last year:
https://sourceware.org/ml/libc-alpha/2018-12/msg00838.html
where the behaviour breakage was introduced in the non-fortified path
and then reverted. It might be a good idea to resume that discussion
for the fortified case as well.
--
So I'd like to bring this back up and reiterate the issue: there is no
benefit to the early truncation, and it actively breaks lots of existing
software (which is why Debian and Ubuntu have had this fix for 10 years
now).
What is the _benefit_ of early truncation that justifies breaking so
many
It's not defined in POSIX, but it has worked a certain way in glibc for
decades. There's no _reason_ to break it for _FORTIFY_SOURCE. Pre-
truncating just silently breaks programs and does weird stuff. If you
want to expose it with _FORITFY_SOURCE then have vsprintf notice that
the target and
The point of _FORTIFY_SOURCE is to expose undefined behaviour.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to binutils in Ubuntu.
https://bugs.launchpad.net/bugs/305901
Title:
Intrepid gcc -O2 breaks string appending with
I'd still like to have this patch applied -- while we can claim the
behavior is "undefined", it is not, in fact, undefined. It behaves one
way without -D_FORTIFY_SOURCE=2, and differently with it. And that
difference doesn't need to exist. Ubuntu carried this patch for quite a
while.
--
You
9 matches
Mail list logo