[erlang-bugs] R14B01: buffer overflow detected during compilation with -D_FORTIFY_SOURCE=2 (x86_64)

Nico Kruber kruber@REDACTED
Tue Dec 21 12:10:42 CET 2010


On Tuesday 21 December 2010 11:56:31 Christian Faulhammer wrote:
> Kenneth Lundin <kenneth.lundin@REDACTED>:
> > Has -D_FORTIFY_SOURCE been tried on R14B as well and did not show any
> > buffer overflow?
> 
>  There would have been reports (I maintain the package for Gentoo,
> where users build the package on their system)...and there were none.
> We have used FORTIFY_SOURCE for some time now.

I can second this for openSUSE 11.3 - FORTIFY_SOURCE has been used before and R14B did not show this overflow (as mentioned in my first email).

> > As I understand it, -D_FORTIFY_SOURCE is a patch to GCC developed by
> > Red Hat, and =2 can also report buffer overflow for code that is correct.
> 
>  It is included in the trunk version and used by many distributions
> nowadays, especially for the server/hardened systems.
> 
> > If this buffer overflow indeed is a real bug then of course we want to
> > find it and correct it.
> 
>  Would be nice.
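The question quoted in this thread, whether `=2` can flag a copy that level 1 accepts, comes down to which object size the fortified wrapper checks against. The following is an added illustration, not Erlang/OTP code and not taken from this thread: `struct rec`, `dst_bound` and `would_abort` are constructed names, and the check is modelled on glibc's use of `__builtin_object_size(dst, _FORTIFY_SOURCE > 1)` for `strcpy()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: the program treats name+ext as one 16-byte field. */
struct rec {
    char name[8];
    char ext[8];
    int  flags;
};

static struct rec r;

#define UNKNOWN ((size_t)-1)

/* Destination bound a fortified strcpy(r.name, ...) is checked against.
 * Type 0 = bytes to the end of the whole object (level 1),
 * type 1 = bytes to the end of the closest enclosing subobject,
 * here the name[] member (level 2). */
static size_t dst_bound(int level)
{
    size_t whole = __builtin_object_size(r.name, 0);
    size_t sub   = __builtin_object_size(r.name, 1);

    /* If the compiler did not fold the builtin, use the layout directly. */
    if (whole == UNKNOWN) whole = sizeof r - offsetof(struct rec, name);
    if (sub == UNKNOWN)   sub = sizeof r.name;
    return level > 1 ? sub : whole;
}

/* 1 if the fortified copy would abort with "buffer overflow detected". */
static int would_abort(int level, const char *src)
{
    return strlen(src) + 1 > dst_bound(level);
}

int main(void)
{
    const char *s = "erlang.beam";   /* constructed input: 11 chars + NUL */
    for (int level = 1; level <= 2; level++)
        printf("_FORTIFY_SOURCE=%d: bound=%zu abort=%d\n",
               level, dst_bound(level), would_abort(level, s));
    return 0;
}
```

A copy that spills from `name` into `ext` stays inside the enclosing struct, so level 1 lets it through while level 2 aborts. A report that appears only at `=2` therefore needs the destination's declared type checked before it is classified as a real overflow or a subobject-bound hit.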
