[erlang-bugs] R14B01: buffer overflow detected during compilation with -D_FORTIFY_SOURCE=2 (x86_64)
Kostis Sagonas
kostis@REDACTED
Wed Jan 12 10:50:12 CET 2011
Christian Faulhammer wrote:
> Hi,
>
> Nico Kruber <kruber@REDACTED>:
>
>> Most distributions nowadays adds the -D_FORTIFY_SOURCE=2 flag during
>> package compilation. I tried updating my erlang package (openSUSE
>> 11.3, x86_64) from R14B to R14B01 and received the following error
>> (also see the attached build.log.fortsource2 - compressed due to its
>> file size):
>
> This seems to be specific to 64bit arches as people could reproduce
> the problem with GCC 4.4. PLD Linux offers a fix (so they say, I still
> need reports from our users) in
> http://cvs.pld-linux.org/cgi-bin/cvsweb/packages/erlang/erlang-fortify.patch
From the patch:
-# define FILENAME_COPY(To,From) strcpy(To,From)
+# define FILENAME_COPY(To,From) memcpy(To,From,strlen(From)+1)
and its comment:
up to R14B01; replace strcpy with memcpy because fortify source
won't allow to strcpy into too short array
it's not at all clear to me why this is a 64-bit specific issue.
It seems that this is (more of) a problem of fortify, which needs fixing
here, not of Erlang/OTP.
Kostis
More information about the erlang-bugs
mailing list