[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: think twice before enabling -D_FORTIFY_SOURCE=2 for C projects without thorough build-time testing

On Sat, Sep 21, 2013 at 12:00:57AM +0200, Adam Borowski wrote:
> > So basically a variation of the old problem of calling memcpy when one
> > meant to use memmove.  I'm actually surprised that type of call to sprintf
> > ever worked reliably with optimization, even without _FORTIFY_SOURCE.
> > But, like memcpy vs. memmove, it's the sort of thing that's horribly
> > difficult to debug.
> This is something that can be tested for in s*printf() itself: deoptimizing
> it by a single comparison is probably worth catching a relatively popular
> error.
Do we have data about its popularity?


Attachment: signature.asc
Description: Digital signature

Reply to: