[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] Re: Portage to die on sure-enough _FORTIFY_SOURCE overflows
From:       Mike Frysinger <vapier () gentoo ! org>
Date:       2010-09-29 13:32:57
Message-ID: 201009290932.58179.vapier () gentoo ! org
[Download RAW message or body]


On Wednesday, September 29, 2010 00:35:45 Ryan Hill wrote:
> On Tue, 28 Sep 2010 22:25:38 -0400 Mike Frysinger wrote:
> > > Something I forgot to ask before:  are the 'always overflow' warnings
> > > new w/ GCC 4.5 / glibc 2.12?  If they're new w/ 4.5 then we don't have
> > > a problem.
> > 
> > the fortify warnings typically come from glibc, not gcc.  i dont believe
> > many of these warnings are new.  the portage update i posted was because
> > i was reviewing a specific package, noticed a worrisome warning (and
> > fixed it), and then proceeded to data mine the last years worth of build
> > logs on my system for gcc warnings.
> 
> Okay, I noticed that some of these bugs are only happening with 4.5 (eg.
> 337020) so I thought it might have been expanded to catch more cases or
> something.

it might be a cumulative effect -- better constant propagation in gcc allows 
updated glibc fortify checks to catch more naughty code.  you can see in this 
bug the warning is coming via checks in the glibc headers.  but i'd have to 
sit down with different gcc/glibc versions and do some fiddlin' to give a less 
vague answer.
-mike

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]