
Possible buffer overrun with _FORTIFY_SOURCE.

Hello there,

we are struggling with a segmentation fault arising on Wheezy
exactly when CPPFLAGS contains "-D_FORTIFY_SOURCE=2".

Looking at the fairly recent patch

  cvs-FORTIFY-SOURCE-format-strings.diff

I observe the new code

  args_type = &args_size[nargs];
  memset (args_type, ..., nargs * sizeof (*args_type));

You are initialising ARGS_TYPE to the very last element
of an array, yet you are setting memory content possibly
far beyond the end point of the very same array. Would not

  args_type = &args_size[0];

have been the correct statement? I am fumbling in the dark
as to our problem, but this seems to be a critical point.

Best regards,

  Mats Erik Andersson, DM
