Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

[Russ Allbery <rra@debian.org>]

Yaroslav Halchenko <debian@onerussian.com> writes:

> long story short -- reason was the combination of optimization (-O1 was
> enough) + -D_FORTIFY_SOURCE=2 to fall into the "undefined" darkness of C
> standard(s) in s*printf() functions (man 3 sprintf, search for undefined
> or NOTES).

So basically a variation of the old problem of calling memcpy when one
meant to use memmove.  I'm actually surprised that type of call to sprintf
ever worked reliably with optimization, even without _FORTIFY_SOURCE.
But, like memcpy vs. memmove, it's the sort of thing that's horribly
difficult to debug.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>