--- Begin Message ---
Package: gcc-4.7
Version: 4.7.1-3
Severity: normal
I was playing with -fstack-protector flag to lern this hardening thing.
There may be some regression.
Here is my toy example C code with buffer overflow.
=========================================================
#include <stdio.h>
#include <string.h>
int main(int argc, char** argv) {
char * data = "qwertyuiopasdfghjklzxcvbnm12345678901234567890";
char dest[5]; /* too small */
printf("'%s'\n", "Next line overflows!!!");
strcpy(dest,data);
printf("'%s'\n", "No no no ...");
return 0;
}
=========================================================
I compiled with:
=========================================================
$ gcc -g -fno-stack-protector -o bof-unsafe bof.c
$ gcc -g -fstack-protector -o bof-safe bof.c
$ gcc -g -fstack-protector-all -o bof-safest bof.c
=========================================================
I get this as result now.
=========================================================
$ ./bof-unsafe || echo \"Error\"
'Next line overflows!!!'
'No no no ...'
Segmentation fault
"Error"
$ ./bof-safe || echo \"Error\"
'Next line overflows!!!'
'No no no ...'
Segmentation fault
"Error"
$ ./bof-safest || echo \"Error\"
'Next line overflows!!!'
'No no no ...'
*** stack smashing detected ***: ./bof-safest terminated
Segmentation fault
"Error"
=========================================================
Before upgrading to the current version (few days ago), ./bof-safe
compiled with -fstack-protector stopped nicely with good long back trace
information right after execution of strcpy(dest,data) as expected. Now
it does not and I see 'No no no ...'.
I may be missing some utility here etc. since I am new to this
-fstack-protector thing. But what I used to see is more desirable.
Osamu
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (10, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gcc-4.7 depends on:
ii binutils 2.22-7
ii cpp-4.7 4.7.1-3
ii gcc-4.7-base 4.7.1-3
ii libc6 2.13-34
ii libgcc1 1:4.7.1-3
ii libgmp10 2:5.0.5+dfsg-2
ii libgomp1 4.7.1-3
ii libitm1 4.7.1-3
ii libmpc2 0.9-4
ii libmpfr4 3.1.0-5
ii libquadmath0 4.7.1-3
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages gcc-4.7 recommends:
ii libc6-dev 2.13-34
Versions of packages gcc-4.7 suggests:
ii binutils-gold 2.22-7
pn gcc-4.7-doc <none>
ii gcc-4.7-locales 4.7.1-3
pn gcc-4.7-multilib <none>
ii libgcc1-dbg 1:4.7.1-3
ii libgomp1-dbg 4.7.1-3
ii libitm1-dbg 4.7.1-3
ii libmudflap0-4.7-dev 4.7.1-3
ii libmudflap0-dbg 4.7.1-3
ii libquadmath0-dbg 4.7.1-3
-- no debconf information
--- End Message ---