Re: Configure problem when compiling with -D_FORTIFY_SOURCE
From: Greg Schafer
Subject: Re: Configure problem when compiling with -D_FORTIFY_SOURCE
Date: Sun, 16 Sep 2007 11:09:36 +1000
User-agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)
Bruno Haible wrote:
> This configure test and how glibc should handle printing of random bitpatterns
> was the subject of a bug report
> http://sourceware.org/bugzilla/show_bug.cgi?id=4586
> and a lengthy discussion. The bug was fixed by Jakub Jelinek in July 2007;
> the fix should be contained in glibc-2.6.1. Summarizing the discussion:
> While Ulrich Drepper and Andreas Schwab denied that glibc was doing anything
> wrong, others thought that glibc should not crash on random bitpatterns passed
> as floating-point numbers.
>
> It appears that the crash is gone, but either a buffer overflow is still
> present, or some source code annotations for bounds checking need to be
> added to __printf_fp and related functions.
>
> Can you first reduce the failed configure program (copy & paste from
> config.log) to a test case as small as possible, and then report it in
> the glibc bug tracker?
Posting here for review first:
$ cat foo.c
#include <stdio.h>
static char buf[100];
int main ()
{
# define LDBL80_WORDS(exponent,manthi,mantlo) { mantlo, manthi, exponent }
  { /* Pseudo-Infinity. */
    static union { unsigned int word[4]; long double value; } x =
      { LDBL80_WORDS (0xFFFF, 0x00000000, 0x00000000) };
    if (sprintf (buf, "%Lf", x.value) < 0)
      return 1;
  }
  return 0;
}
$ gcc -o foo -O -D_FORTIFY_SOURCE -Wall foo.c
$ ./foo
*** buffer overflow detected ***: ./foo terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xb7ec08b1]
/lib/libc.so.6[0xb7ec00b8]
/lib/libc.so.6(_IO_default_xsputn+0xb7)[0xb7e3f097]
/lib/libc.so.6(__printf_fp+0x6a9)[0xb7e1b559]
/lib/libc.so.6(_IO_vfprintf+0x3c7)[0xb7e16877]
/lib/libc.so.6(__vsprintf_chk+0xad)[0xb7ec016d]
/lib/libc.so.6(__sprintf_chk+0x30)[0xb7ec00a0]
./foo[0x80483c6]
/lib/libc.so.6(__libc_start_main+0xe0)[0xb7deef90]
./foo[0x8048311]
======= Memory map: ========
08048000-08049000 r-xp 00000000 08:0c 3002297 /home/pkgmgr/foo
08049000-0804a000 rw-p 00000000 08:0c 3002297 /home/pkgmgr/foo
0804a000-0806b000 rw-p 0804a000 00:00 0 [heap]
b7dcd000-b7dd7000 r-xp 00000000 08:0c 3004648 /usr/lib/libgcc_s.so.1
b7dd7000-b7dd8000 rw-p 00009000 08:0c 3004648 /usr/lib/libgcc_s.so.1
b7dd8000-b7dd9000 rw-p b7dd8000 00:00 0
b7dd9000-b7f1a000 r-xp 00000000 08:0c 3004067 /lib/libc-2.6.1.so
b7f1a000-b7f1c000 r--p 00141000 08:0c 3004067 /lib/libc-2.6.1.so
b7f1c000-b7f1d000 rw-p 00143000 08:0c 3004067 /lib/libc-2.6.1.so
b7f1d000-b7f21000 rw-p b7f1d000 00:00 0
b7f23000-b7f24000 r-xp b7f23000 00:00 0 [vdso]
b7f24000-b7f40000 r-xp 00000000 08:0c 3004050 /lib/ld-2.6.1.so
b7f40000-b7f41000 r--p 0001b000 08:0c 3004050 /lib/ld-2.6.1.so
b7f41000-b7f42000 rw-p 0001c000 08:0c 3004050 /lib/ld-2.6.1.so
bf986000-bf99b000 rw-p bf986000 00:00 0 [stack]
Aborted
Regards
Greg
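
The test case above feeds printf an x87 80-bit pattern labelled "Pseudo-Infinity". As an added example (not part of the post or of glibc), the following C classifies such a pattern from its raw words, so code that reads long double values from untrusted binary data can reject unsupported encodings before formatting them. The names ldbl80_classify and ldbl80_is_invalid and the enum are hypothetical; the argument order follows the post's LDBL80_WORDS macro.

```c
#include <stdint.h>
#include <stdio.h>

enum ldbl80_class {
    LDBL80_ZERO, LDBL80_DENORMAL, LDBL80_PSEUDO_DENORMAL, LDBL80_NORMAL,
    LDBL80_UNNORMAL, LDBL80_INFINITY, LDBL80_NAN,
    LDBL80_PSEUDO_INFINITY, LDBL80_PSEUDO_NAN
};

/* Arguments follow the post's LDBL80_WORDS(exponent, manthi, mantlo) order.
   exponent: bit 15 = sign, bits 14..0 = biased exponent.
   manthi:   bit 31 = explicit integer bit, the rest are upper fraction bits. */
enum ldbl80_class ldbl80_classify(uint32_t exponent, uint32_t manthi, uint32_t mantlo)
{
    uint32_t biased = exponent & 0x7FFFu;
    int integer_bit = (int)((manthi >> 31) & 1u);
    int fraction_zero = ((manthi & 0x7FFFFFFFu) == 0) && (mantlo == 0);

    if (biased == 0) {
        if (integer_bit) return LDBL80_PSEUDO_DENORMAL;
        return fraction_zero ? LDBL80_ZERO : LDBL80_DENORMAL;
    }
    if (biased == 0x7FFFu) {
        if (integer_bit) return fraction_zero ? LDBL80_INFINITY : LDBL80_NAN;
        return fraction_zero ? LDBL80_PSEUDO_INFINITY : LDBL80_PSEUDO_NAN;
    }
    return integer_bit ? LDBL80_NORMAL : LDBL80_UNNORMAL;
}

/* Nonzero for encodings the x87 treats as unsupported (invalid operand). */
int ldbl80_is_invalid(uint32_t exponent, uint32_t manthi, uint32_t mantlo)
{
    switch (ldbl80_classify(exponent, manthi, mantlo)) {
    case LDBL80_UNNORMAL: case LDBL80_PSEUDO_INFINITY: case LDBL80_PSEUDO_NAN:
        return 1;
    default:
        return 0;
    }
}

int main(void)
{
    /* The words from foo.c in the post: sign=1, exponent=0x7FFF, mantissa=0. */
    printf("post's value invalid: %d\n", ldbl80_is_invalid(0xFFFF, 0, 0));
    /* Constructed sample: a true +infinity has the integer bit set. */
    printf("true infinity invalid: %d\n", ldbl80_is_invalid(0x7FFF, 0x80000000u, 0));
    return 0;
}
```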