Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing
Yaroslav Halchenko <firstname.lastname@example.org> writes:
> long story short -- reason was the combination of optimization (-O1 was
> enough) + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C
> standard(s) in s*printf() functions (man 3 sprintf, search for undefined
> or NOTES).
So basically a variation of the old problem of calling memcpy when one
meant to use memmove. I'm actually surprised that type of call to sprintf
ever worked reliably with optimization, even without _FORTIFY_SOURCE.
But, like memcpy vs. memmove, it's the sort of thing that's horribly
difficult to debug.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
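The pattern both messages are talking about, as an added illustration (not code from either poster or from the project in question): the "append in place" idiom sprintf(buf, "%s...", buf, ...) passes the restrict-qualified destination as one of its own source arguments, which the C standard leaves undefined, exactly like memcpy on overlapping regions. The safe form keeps track of how much of the buffer is used and formats new text after it with vsnprintf, checking the return value for truncation. build_record and the sample key/value arrays are hypothetical names made up for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The pattern that breaks: the output buffer is also a %s argument.
 * sprintf's destination is restrict-qualified and the standard says the
 * behaviour is undefined when source and destination overlap.  It only
 * "worked" because the libc happened to copy buf's bytes back over
 * themselves in order; an optimizing build or the _FORTIFY_SOURCE wrapper
 * is free to do otherwise.  Kept here for contrast only; never called. */
void append_undefined(char *buf, const char *suffix)
{
    sprintf(buf, "%s%s", buf, suffix);   /* undefined behaviour: do not do this */
}

/* Safe append: remember how much of the buffer is in use and format the
 * new text after it.  vsnprintf returns the length the full output would
 * have had, so a value >= the space left means truncation.
 * Returns 0 on success, -1 on truncation (buffer stays NUL-terminated). */
static int append_checked(char *buf, size_t size, size_t *len, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*len >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *len, size - *len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size - *len) {
        buf[size - 1] = '\0';
        return -1;
    }
    *len += (size_t)n;
    return 0;
}

/* Build "k1=v1;k2=v2;..." into out (hypothetical record format).
 * Returns the final length, or -1 if out was too small. */
int build_record(char *out, size_t outsize,
                 const char *const *keys, const char *const *vals, size_t n)
{
    size_t len = 0;

    if (outsize == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (append_checked(out, outsize, &len, "%s%s=%s",
                           i ? ";" : "", keys[i], vals[i]) != 0)
            return -1;
    }
    return (int)len;
}

/* Constructed sample input for the demonstration. */
static const char *const sample_keys[] = { "user", "host", "tty" };
static const char *const sample_vals[] = { "eagle", "windlord", "pts/3" };

/* Build the sample record into a buffer of outsize bytes (capped at 64).
 * Returns the record length, -1 on truncation, -2 if the text is wrong. */
int demo_length(size_t outsize)
{
    char out[64];
    int n;

    if (outsize > sizeof out)
        outsize = sizeof out;
    n = build_record(out, outsize, sample_keys, sample_vals, 3);
    if (n >= 0 && strcmp(out, "user=eagle;host=windlord;tty=pts/3") != 0)
        return -2;
    return n;
}

int main(void)
{
    char out[64];
    int n = build_record(out, sizeof out, sample_keys, sample_vals, 3);

    printf("%d: %s\n", n, out);            /* 34: user=eagle;host=windlord;tty=pts/3 */
    printf("%d\n", demo_length(16));       /* -1: truncated, not overflowed */
    return 0;
}
```

Compile the block with -O1 -D_FORTIFY_SOURCE=2 -Wall and the compiler will already warn about append_undefined's aliasing arguments; the checked version builds cleanly and the only thing that changes with a too-small buffer is the -1 return, not memory contents past the end.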