[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2
From: h.b.furuseth@usit.uio.no
Date: Tue, 13 Apr 2010 19:28:31 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

> There is no real buffer overflow here AFAICS but the real problem is,
> that the destination of the strcpy() is defined as char[1] in this
> case (it's the nrdn member of a struct diskNode). The additional
> runtime check when compiling with -D_FORTIFY_SOURCE=2 sees that the
> destination data will not fit in there and aborts.

This is similar to the struct hack, except nrdn is not the last struct
member.  IIRC it actually is invalid to use nrdn as an accessor for the
following struct members (from the compiler's point of view).

Another case of "not quite the Struct Hack" broke last year: ITS#6303.
If _FORTIFY_SOURCE is warning us that gcc might break this code, the
memcpy patch might merely shut up the warning without fixing the
problem.  In that case, the simplest change would be to do away with
struct diskNode - or keep it for reference but not actually use it.

I'm reopening the ITS for someone else to decide if they care, I have
other things on my mind currently.

-- 
Hallvard

Prev by Date: Re: (ITS#6517) undefined references to ldif_*
Next by Date: Re: (ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2
Index(es):
- Chronological
- Thread