Re: (ITS#6474) test004 (hdb) crashes when slapd is compiled with -D_FORTIFY_SOURCE=2

h.b.furuseth@usit.uio.no wrote:
>> There is no real buffer overflow here AFAICS but the real problem is,
>> that the destination of the strcpy() is defined as char[1] in this
>> case (it's the nrdn member of a struct diskNode). The additional
>> runtime check when compiling with -D_FORTIFY_SOURCE=2 sees that the
>> destination data will not fit in there and aborts.
> This is similar to the struct hack, except nrdn is not the last struct
> member.  IIRC it actually is invalid to use nrdn as an accessor for the
> following struct members (from the compiler's point of view).
> Another case of "not quite the Struct Hack" broke last year: ITS#6303.
> If _FORTIFY_SOURCE is warning us that gcc might break this code, the
> memcpy patch might merely shut up the warning without fixing the
> problem.  In that case, the simplest change would be to do away with
> struct diskNode - or keep it for reference but not actually use it.
> I'm reopening the ITS for someone else to decide if they care, I have
> other things on my mind currently.
Nope, we don't care. The purpose and usage of diskNode is thoroughly 
documented in the comments and all of the uses are correct. Marking this Test 

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
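
Added illustration, not part of the original thread and not OpenLDAP code: a sketch of the "keep it for reference but not actually use it" option mentioned above, where a struct only documents offsets and every copy goes through the flat buffer, so the object size a fortified `memcpy()`/`strcpy()` sees is the whole allocation. The struct `node_layout`, its fields and the helpers `node_pack` and `node_rdn` are hypothetical and do not reproduce back-hdb's `diskNode`.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layout, kept only as documentation of the record format.
 * No object of this type is ever created or dereferenced, so nrdn[1]
 * is never written through as a 1-byte array. */
struct node_layout {
    unsigned char nrdn_len[2]; /* big-endian length of nrdn */
    char nrdn[1];              /* nrdn_len bytes + NUL actually follow */
    char rdn[1];               /* really starts after the nrdn's NUL */
};

/* Serialize into a flat buffer; returns a malloc'd record or NULL.
 * Destinations are computed as buf + offset, so they point into the
 * full allocation rather than into a char[1] member. */
unsigned char *node_pack(const char *nrdn, const char *rdn, size_t *out_len)
{
    size_t nlen = strlen(nrdn), rlen = strlen(rdn);
    size_t off = offsetof(struct node_layout, nrdn);
    size_t total = off + nlen + 1 + rlen + 1;
    unsigned char *buf;

    if (nlen > 0xFFFF) return NULL;        /* must fit the 2-byte length */
    buf = malloc(total);
    if (!buf) return NULL;
    buf[0] = (unsigned char)(nlen >> 8);
    buf[1] = (unsigned char)(nlen & 0xFF);
    memcpy(buf + off, nrdn, nlen + 1);             /* nrdn + NUL */
    memcpy(buf + off + nlen + 1, rdn, rlen + 1);   /* rdn + NUL */
    *out_len = total;
    return buf;
}

/* Returns a pointer to the rdn inside the record, or NULL if the stored
 * length or the terminators do not fit the record's actual size. */
const char *node_rdn(const unsigned char *buf, size_t len)
{
    size_t off = offsetof(struct node_layout, nrdn);
    size_t nlen, rdn_off;

    if (len < off + 2) return NULL;        /* two NULs at minimum */
    nlen = ((size_t)buf[0] << 8) | buf[1];
    rdn_off = off + nlen + 1;
    if (rdn_off >= len) return NULL;       /* length field lies */
    if (buf[rdn_off - 1] != '\0' || buf[len - 1] != '\0') return NULL;
    return (const char *)buf + rdn_off;
}
```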