
Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

Yaroslav Halchenko <debian@onerussian.com> writes:

> long story short -- reason was the combination of optimization (-O1 was
> enough) + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C
> standard(s) in s*printf() functions (man 3 sprintf, search for undefined
> or NOTES).

So basically a variation of the old problem of calling memcpy when one
meant to use memmove.  I'm actually surprised that type of call to sprintf
ever worked reliably with optimization, even without _FORTIFY_SOURCE.
But, like memcpy vs. memmove, it's the sort of thing that's horribly
difficult to debug.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
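As an added illustration of the sprintf self-reference pattern the thread is about (this is example code written for this page, not code from Yaroslav's project or from either poster): the undefined call is shown in a comment, beside an append that formats only past the current terminator and an in-place prefix insertion that uses memmove rather than memcpy for the overlapping range. The buffer size, function names and test strings are assumptions chosen for the demo.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 64   /* assumed buffer size for the demo, not from the thread */

/*
 * The pattern under discussion, reconstructed as a hypothetical
 * (not a line quoted from the thread):
 *
 *     sprintf(buf, "%s%s", buf, suffix);
 *
 * C99 7.19.6.6p2: "If copying takes place between objects that overlap,
 * the behavior is undefined."  The destination is also a source here.  It
 * can appear to work with an unfortified libc, but with -O1 or higher and
 * -D_FORTIFY_SOURCE=2 glibc routes the call through a checking wrapper
 * (__sprintf_chk), and the "worked by accident" behaviour is gone.
 */

/* Safe append: format only into the space after the current terminator.
 * Returns 0 on success, -1 if buf is unterminated or the result was
 * truncated to fit. */
int append_safe(char *buf, size_t bufsz, const char *suffix)
{
    const char *end = memchr(buf, '\0', bufsz);   /* bounded, unlike strlen */
    if (end == NULL)
        return -1;
    size_t len = (size_t)(end - buf);
    int n = snprintf(buf + len, bufsz - len, "%s", suffix);
    if (n < 0 || (size_t)n >= bufsz - len)
        return -1;                               /* truncated, still NUL-terminated */
    return 0;
}

/* Safe in-place prefix insertion: the shifted range overlaps itself, which
 * is exactly the memcpy-vs-memmove case.  memmove is specified for overlap;
 * memcpy is not, and an optimised memcpy really does corrupt data there.
 * Returns 0 on success, -1 if the result would not fit (nothing is changed). */
int prepend_safe(char *buf, size_t bufsz, const char *prefix)
{
    const char *end = memchr(buf, '\0', bufsz);
    if (end == NULL)
        return -1;
    size_t len = (size_t)(end - buf);
    size_t plen = strlen(prefix);
    if (plen + len + 1 > bufsz)
        return -1;
    memmove(buf + plen, buf, len + 1);   /* overlapping move, includes the NUL */
    memcpy(buf, prefix, plen);           /* disjoint ranges, memcpy is fine */
    return 0;
}

/* Constructed cases; each returns 1 when the behaviour matches expectation. */
int selfcheck_append(void)
{
    char buf[BUFSZ] = "foo";
    return append_safe(buf, sizeof buf, "bar") == 0 && strcmp(buf, "foobar") == 0;
}

int selfcheck_append_truncates(void)
{
    char small[4] = "ab";   /* one byte of room before the terminator */
    return append_safe(small, sizeof small, "cdef") == -1
        && strcmp(small, "abc") == 0;
}

int selfcheck_prepend(void)
{
    char buf[BUFSZ] = "bar";
    return prepend_safe(buf, sizeof buf, "foo") == 0 && strcmp(buf, "foobar") == 0;
}

int selfcheck_prepend_refuses(void)
{
    char small[4] = "ab";
    return prepend_safe(small, sizeof small, "cd") == -1
        && strcmp(small, "ab") == 0;
}

int main(void)
{
    int ok = selfcheck_append() && selfcheck_append_truncates()
          && selfcheck_prepend() && selfcheck_prepend_refuses();
    puts(ok ? "all cases behaved as expected" : "mismatch");
    return ok ? 0 : 1;
}
```

Building this with and without `-O2 -D_FORTIFY_SOURCE=2` gives the same results because nothing here overlaps in a way the standard forbids; that is the property the original code lacked, and the one a build-time test under the fortified flags would have caught.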
