[erlang-bugs] R14B01: buffer overflow detected during compilation with -D_FORTIFY_SOURCE=2 (x86_64)

Nico Kruber kruber@REDACTED
Wed Dec 22 15:27:30 CET 2010


I also tried with a clean R14B01 (without distro-patches and without all the build service "overhead" from the log I provided, e.g. environment variables) - same result.

So I just used this (openSUSE 11.3, x86_64, dual-core CPU, GCC is 4.5.0_20100604-1.12):

./configure --with-ssl=/usr --enable-threads --enable-smp-support --enable-kernel-poll --enable-hipe --enable-shared-zlib
make

If you can access the openSUSE BuildService, you can exactly reproduce the environment I (normally) build my packages on:
(you can install the osc command line client from a repository in http://software.opensuse.org/download/openSUSE:/Tools/ available for a lot of distributions)

osc checkout home:tschuett erlang
cd home\:tschuett/erlang
osc build --ccache openSUSE_11.3 erlang.spec

(--ccache is just for performance in case of re-compilation)

It will download all rpms required to build the package and set up a chroot environment for it.
You can remove the distribution specific patches as well as my workaround setting D_FORTIFY_SOURCE=1 in the .spec file.

The error message is _always_ there and always in the same file.

Nico

On Wednesday 22 December 2010 14:37:38 Björn-Egil Dahlberg wrote:
> Hi,
> 
> I am trying to reproduce this error, but I am sad to say that I seem to 
> be missing something. Now, I am not a build environment expert, but this 
> should be straightforward, right?
> 
> First off, this is otp_src_R14B01 with no distribution specific patches 
> applied? Seems unlikely, since both Gentoo and openSUSE hit this error.
> 
> Now, I don't have any gentoo or opensuse x86_64 available, I have a 
> 32-bit gentoo which doesn't seem to produce this error (i didn't expect 
> it to), and plenty of SuSE sled/sles 10.1 - 2 x86_64, which doesn't have 
> the compiler.
> 
> I do have some newer x86_64 Ubuntus, so I tried with gcc (Ubuntu 
> 4.4.3-4ubuntu5) 4.4.3. This compiler should have the fortify sources 
> patch (default since 9.10). -D_FORTIFY_SOURCE=2 shouldn't be needed 
> since -O2 and higher implies this option. A small test program confirms 
> that -O2 and the memcpy check work anyway.
> 
> But, no luck.
> 
> I tried emulating what Nico did in his build script, like this,
>  > tar -zxvf otp_src_R14B01.tar.gz
>  > cd otp_src_R14B01
>  >  export ERL_TOP=`pwd`
>  >  export 'CFLAGS=-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 
> -fstack-protector -funwind-tables -fasynchronous-unwind-tables 
> -fno-strict-aliasing'
>  >  export 'CXXFLAGS=-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 
> -fstack-protector -funwind-tables -fasynchronous-unwind-tables 
> -fno-strict-aliasing'
>  >  export FFLAGS='-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 
> -fstack-protector -funwind-tables -fasynchronous-unwind-tables'
>  >  ./configure --host=x86_64-unknown-linux-gnu 
> --build=x86_64-unknown-linux-gnu --with-ssl=/usr --enable-threads 
> --enable-smp-support --enable-kernel-poll --enable-hipe --enable-shared-zlib
>  > ulimit -c unlimited
>  > make
> 
> No errors, all is great.
> 
> 
> So something is wrong. Either in the assumptions or the setup. 
> Everything from stack-protectors, valgrind and other fortifications says 
> everything is fine.
> 
> Is the error consistent? Does it appear every time and on the same file? 
> hipe_rtl.erl? It should anyway.
> 
> Could someone please give me some pointers on how to reproduce this?
> 
> // Björn-Egil
>     Erlang/OTP
> 
> 
> 
> On 2010-12-21 11:56, Christian Faulhammer wrote:
> > Hi,
> >
> > Kenneth Lundin <kenneth.lundin@REDACTED>:
> >> Has -D_FORTIFY_SOURCE been tried on R14B as well and did not show any
> >> buffer overflow?
> >
> >   There would have been reports (I maintain the package for Gentoo,
> > where users build the package on their system)...and there were none.
> > We have used FORTIFY_SOURCE for some time now.
> >
> >> As I understand it -D_FORTIFY_SOURCE is a patch to GCC developed by
> >> Red Hat and =2 can also report buffer overflow for code that is correct.
> >
> >   It is included in the trunk version and used by many distributions
> > nowadays, especially for the server/hardened systems.
> >
> >> If this buffer overflow indeed is a real bug then of course we want to
> >> find it and correct it.
> >
> >   Would be nice.
> >
> > V-Li
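An added reproduction aid, not from this thread and not part of Erlang/OTP: the probe below does for any toolchain what Björn-Egil's small test program did by hand, namely confirm that _FORTIFY_SOURCE checking is really live for a given set of CFLAGS before a clean OTP build on that box is taken as evidence about the hipe_rtl.erl error. It assumes a glibc-based Linux system, a compiler reachable as cc (or via $CC), and that glibc's __memcpy_chk prints "buffer overflow detected" when it refuses an overrun; the C program it compiles is constructed for this purpose.

```shell
#!/bin/sh
# Added probe (not from the thread): report whether the toolchain's
# _FORTIFY_SOURCE checking is really active for a given set of CFLAGS.
# It compiles a constructed C program that copies 16 bytes into an
# 8-byte stack buffer (the length is derived from argc so the compiler
# cannot fold the check away), runs it, and classifies the outcome:
#   caught  - glibc's __memcpy_chk aborted with "buffer overflow detected"
#   crashed - the program died without that diagnostic (e.g. the stack
#             protector fired instead, or an unchecked overrun segfaulted)
#   missed  - the overrun went completely unnoticed
#   nocc    - no usable C compiler, or the probe failed to compile
# Assumes a glibc-based Linux system and a compiler in $CC (default: cc).

CC="${CC:-cc}"

fortify_probe() {
    flags="$1"
    command -v "$CC" >/dev/null 2>&1 || { echo nocc; return 0; }
    dir=$(mktemp -d) || { echo nocc; return 0; }
    cat > "$dir/probe.c" <<'EOF'
#include <stdio.h>
#include <string.h>
/* Constructed test program. With optimisation and _FORTIFY_SOURCE, glibc
 * turns this memcpy into __memcpy_chk(dst, src, n, __builtin_object_size(dst, 0));
 * dst is known to be 8 bytes, n is 16 at run time, so the copy is refused. */
int main(int argc, char **argv)
{
    char dst[8];
    char src[32] = "0123456789abcdef0123456789abcde";
    (void)argv;
    memcpy(dst, src, (size_t)argc * 16);
    printf("%c\n", dst[0]);
    return 0;
}
EOF
    # $flags is intentionally unquoted so that "-O2 -D_FORTIFY_SOURCE=2" splits.
    if ! "$CC" $flags -o "$dir/probe" "$dir/probe.c" >"$dir/cc.log" 2>&1; then
        rm -rf "$dir"
        echo nocc
        return 0
    fi
    # Keep a failing probe from leaving core files behind; force older glibc
    # versions to print the fatal message to stderr instead of /dev/tty.
    ulimit -c 0 2>/dev/null || true
    status=0
    LIBC_FATAL_STDERR_=1 "$dir/probe" >"$dir/run.log" 2>&1 || status=$?
    if grep -q "buffer overflow detected" "$dir/run.log"; then
        result=caught
    elif [ "$status" -ne 0 ]; then
        result=crashed
    else
        result=missed
    fi
    rm -rf "$dir"
    echo "$result"
}

# Example invocations (the flags are the ones quoted in the thread):
# fortify_probe "-O2 -D_FORTIFY_SOURCE=2"    -> caught on a glibc system
# fortify_probe "-O2 -U_FORTIFY_SOURCE"      -> crashed or missed
```

Run it with the exact CFLAGS from the build script. `caught` for the fortified flags and `crashed` or `missed` for the same flags with -U_FORTIFY_SOURCE means the checks are live on that compiler and libc, so a clean OTP build there is a meaningful data point; `caught` for both is impossible and points at a stale cache or wrong compiler, and `nocc` means the probe itself could not be compiled, so nothing has been established about the build.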