This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.

Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: New read etc. checking macros

From: Jakub Jelinek <jakub at redhat dot com>
To: Roland McGrath <roland at redhat dot com>
Cc: Ulrich Drepper <drepper at redhat dot com>, Glibc hackers <libc-hacker at sources dot redhat dot com>
Date: Sat, 26 Feb 2005 01:50:41 +0100
Subject: Re: New read etc. checking macros
References: <20050226000812.GD4777@sunsite.mff.cuni.cz> <200502260046.j1Q0kgRI001009@magilla.sf.frob.com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Fri, Feb 25, 2005 at 04:46:42PM -0800, Roland McGrath wrote:
> > Yeah, I think we can only protect read etc. with _FORTIFY_SOURCE >= 2
> > which has some limitations against POSIX and not allowing bigger len
> > than the buffer that is provided is reasonable limitation.
> 
> Does the gcc magic handle cases like:
> 
> struct {
>   uint32_t magic;
>   char foo[3];
>   char bar[27];
> } record;
> 
> if (read(fd, &record.magic, sizeof record.magic) == sizeof record.magic &&
>     record.magic == 0x1234567)
>   n = read(fd, &record.foo, sizeof record - (&record.foo - (char*)&record));
> 
> i.e., so __bos yields 30 rather than 3?

__bos (&record.foo) is 3 for -D_FORTIFY_SOURCE=2, and 30 for
-D_FORTIFY_SOURCE=1.  So read etc. probably wants to use __bos0
(&record.foo) which is always 30.

	Jakub

References:
- Re: New read etc. checking macros
  - From: Jakub Jelinek
- Re: New read etc. checking macros
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]